Specialist: Information Security Grc

NTT is a leading global IT solutions and services organisation that brings together people, data and things to create a better and more sustainable future.

In today’s ‘iNTTerconnected’ world, connections matter more now than ever. By bringing together talented people, world-class technology partners and emerging innovators, we help our clients solve some of the world’s most significant technological, business and societal challenges.

With people at the heart of our success, NTT is committed to attracting and growing the best talent and providing an environment where everyone feels they can belong and their contribution matters.

**Want to be a part of our team?**

Join our exceptional team at NTT DATA as a dedicated Information Security GRC Specialist. If you have a passion for driving the development and maintenance of GRC platforms and reporting, this opportunity is perfect for you Your role will be crucial in ensuring consistent risk management, compliance, and reporting through the eGRC platform.

Responsibilities include leading the development of the eGRC platform, aligning it with industry standards, collaborating on risk assessments, and addressing cybersecurity compliance issues.

Qualifications include a degree in IT, Risk Management, or related fields, along with relevant certifications such as CISSP, CISA, or CRISC. With at least 3 years of relevant experience, you'll enjoy working in a dynamic environment, fostering growth, and making a significant impact on information security.

**Working at NTT**

Are you a dedicated Information Security professional with a focus on Governance, Risk, and Compliance (GRC) Do you have a strong understanding of Information Security principles and a passion for driving the development and maintenance of GRC platforms and reporting?

If you are eager to make a significant impact by ensuring consistent risk management, compliance, and reporting through the eGRC platform, this exciting opportunity is tailor-made for you

At NTT, we are actively seeking a skilled and motivated Information Security GRC Specialist to join our exceptional team. As a specialist, you will play a critical role in accelerating the development activities for our NTT eGRC platform while maintaining our commitment to managing cybersecurity risks and certifications. Your expertise in eGRC platform development, rollout, support, and operations will be the driving force behind our risk management and compliance efforts, ensuring our organization's resilience and security.

**Responsibilities**:

- Lead the development and enhancement of the NTT eGRC platform, working closely with stakeholders to gather requirements and ensure effective implementation.
- Ensure the eGRC platform aligns with industry standards and best practices, including ISO27001, ISO22301, ISO27017, ISO27018, SOC1/2, PCI-DSS, and NIST CSF.
- Collaborate with cross-functional teams to assess cybersecurity risks, conduct risk assessments, and support compliance audits.
- Monitor the effectiveness of IT security controls within the eGRC platform, making necessary improvements to maintain compliance.
- Investigate and address any cybersecurity compliance issues and incidents, coordinating with relevant business units to implement appropriate solutions.
- Develop advance reporting capabilities leveraging PowerBI and in-bult tools.
- Collaborate with other Information Security teams, including Business Continuity Management (BCM), Data Privacy and Protection (DPP), and Third-Party Risk Management (TPRM), to ensure holistic security measures.

**What We're Looking For**:

- Solid understanding of Information Security principles and best practices.
- Previous experience in the development, rollout, and operations of eGRC platforms is highly desirable.
- In-depth knowledge of risk management, compliance, and relevant laws and standards.
- Proactive attitude towards continuous learning and skill development.
- Excellent project management, analytical, and problem-solving skills.
- Strong communication abilities to effectively convey complex concepts to both technical and non-technical stakeholders.
- Ability to build and maintain strong customer relationships and stay informed about industry trends.
- Experience in workflow design and automation and management.

**Qualifications and Certifications**:

- Preferred: Degree in Information Technology, IT Audit, Cyber Risk Management, or a related field.
- Required: Professional certifications such as CISSP, CISA, CRISC, or equivalent. Additional certifications in GRC-related domains are advantageous.
- Required: At least 3 years of relevant work experience with a focus on GRC and cybersecurity.

**Why Join Us**:

- Be part of a dynamic and innovative organization that values your expertise and appreciates your contributions.
- Collaborate with a team of talented professionals in a supportive and collaborative environment.
- Unlock opportunities for growth and professional develop