Information Security Manager (GRC)

Job content

Nissan is a pioneer in Innovation and Technology. With a focus on Mobility, Operational Excellence, Value to our Customers, and Electrification of vehicles, you can expect to be part of a very exciting journey here at Nissan. Nissan is going after a massive Digital Transformation backed by leading technologies across the organization globally. We are committed to building a diverse, entrepreneurial organization, and our current team is strong evidence of that. Our people are what drive the business forward. At Nissan Digital, you will be part of a dynamic team with ample opportunities to grow and make a difference.

Position Description

Information Security risk assessments help review system/application/vendor architecture and controls from a perspective of cyber security risks and help provide recommendations to mitigate the identified risks. Manager Information Security GRC is responsible for maintaining a robust Risk Management framework by evaluating applications hosted on prem or cloud, systems and external vendors to help reduce the security risks from cyber threats by highlighting remediation measures and advising on implementing corrective controls.

Responsibilities

Lead risk management program, planning and implementing compliance and risk assessment activities. This includes exception handling, Business Impact Assessment (BIA), and Business Continuity Planning (BCP). Security documentation governance - create, review, revise, and publish documents. Foster and sustain a positive security culture through security awareness initiatives Support the development of the GRC framework and ensure its proper operation; define and formulate the necessary processes related to GRC. Review risk exceptions per security processes, maintain risk register, and liaise with business units for tracking and closure. Support emergency security response in the event of a company-wide security incident or discovery of a significant security risk. Build, review, and sustain information security metrics program with periodic dashboards and reports to management. Serve as subject matter expert on Nissan security policy, processes, standards and best practices.

Competency Requirement

Manager Information Security GRC should have extensive experience in the coordination of program.

Perform risk assessments on systems, applications, and vendors and track open findings with business units for remediation and closure. Experienced in the development and implementation of information security policies, standards, and related procedures for security programs Experienced in cloud security assessments and defining security controls. Ability to assess environments against a wide variety of security, privacy, and compliance frameworks - ISO27001, NIST CST, SOC2, CMMC, WP29/UN-R155 Experienced in third-party risk assessment - program management, reviews, and closure Ability to handle end-user queries on information security matters independently Hands-on experience in security GRC workflow process automation tools like OneTrust, RSA Archer, etc Working knowledge of

Cyber and Cloud Security risks and controls

Security operations

System security engineering

Application Architecture reviews, SDLC, security tools and technologies

CSA Cloud Controls Matrix

Phishing simulation exercises

GDPR, SOX, PCI-DSS, SOC2, ISO 27001, Indian Digital Protection Data Protection Act

NIST Cybersecurity Framework

GRC (governance, risk management, compliance) - ITGC

Familiarity with automotive security standards like ISO/SAE 21434, UNECE WP.29 R155 CSMS

Experience

10 to 12 years experience in Cyber Security GRC with specific experience in systems risk and operational risk management

Desired Certifications & Skills

• CISSP, CISM or CISA
• Foundational certifications on cloud platforms
• Good understanding of GDPR and privacy regulations
  
  

Qualifications

• B.E / B-Tech / MCA
  
  

Trivandrum Kerala India