Job Description:

Hi, please find the JD below and let me know your response ASAP!

Job Title: GRC Subject Matter Expert
Location: NYC
Type: Contract

JD as follows:

This is an SME role. We need a strong profile with good communication skills as well.

- At least 11 years of experience in Information Technology.
- Minimum 5 years of experience in providing GRC solutions.
- Would require interacting with key stakeholders to enable the defining of the policies, procedures and controls, to successfully establish (design and implement) the audit and compliance framework, and to execute the framework as per the applicable security standards and regulations. The e-GRC implementation for the above established framework is also within the scope.
- Has good knowledge of applicable risk management practices required to create a culture of risk management compliance for his or her group or department.
- Identifies, assesses, and monitors applicable risks based on risk management policies and procedures.
- Assesses and reviews the technology risks for different IT assets (cloud or on-premises, applications and infrastructure).
- Reviews work of subordinates for risk management purposes, if applicable.
- Exhibits best practice risk management skills through effective IT security controls and improvement of risk management processes.
- Reviews IT risk assessments, analyzes the effectiveness of information security control activities, and reports on them with actionable recommendations.
- Knowledge of IT GRC automation platforms like RSA Archer.
- Lead the operationalization of security compliance programs to support various compliance regulations.
- Provide guidance and direction on the regulatory compliances and security standards.
- Ensure all the functions and services are compliant with regulatory compliances and that the unified control framework is operating effectively.
- Establish and maintain security metrics and reporting.
- Prepares and/or coordinates the Monthly/Quarterly Enterprise Risk Meeting.
- Performs all other duties as assigned by the Management.
- Providing subject matter expertise in the area of cyber risk requirements.
- Maintaining the Cyber Risk Integrated Requirements Library and keeping it aligned with the project requirements.
- Provides specialist cyber risk expertise to support IT projects and operational teams.
- Liaises with different IT operational teams and business units on their assessment of cyber risks and the controls.
- Participates in security investigations and compliance reviews as requested.
- Prepare reports for senior management and external regulatory bodies as appropriate.
- Risk Management Framework (NIST RMF, ISO 31000, etc.)

Note: Please send me your responses to or please call back to

CST provides its clients with complete, cost-effective, end-to-end personnel solutions across a range of industrial domains. CST's mission is to empower businesses around the world to make better, faster operational decisions.