GRC-Lead

ONX Homes India Pvt Ltd is seeking GRC Lead for our Global IT operations. This is an excellent opportunityfor a person with outstanding communication, cybersecurity background, strong governance, riskmanagement and compliance management.In your role as a GRC Lead, you are responsible for assessing and managing an organization's governance, risk,and compliance (GRC) landscape by identifying potential risks, ensuring adherence to regulatoryrequirements, developing mitigation strategies, and reporting on compliance status, often focusing oninformation security controls within a company; essentially acting as a bridge between security practicesand regulatory compliance. You will be part of the support function, which is responsible for Global IT Technical Support, VendorManagement, Asset management, IT procurement, IT Project Management.This position will also oversee the ONX customer (Internal and External) data management and complianceassociated with our manufacturing factory equipment and operations in Homestead, Pompano Beach, andGeorgetown factories. This description reflects the core activities of the role but is not intended to be all-inclusive, and otherduties within the group/department and in other locations may be required in addition to changes in theemphasis of duties as required from time to time.

There is a requirement for the candidate holding thisposition to recognize this and adopt a flexible approach to work.

Understand organization's data landscape (internal and external customer data) andperform data classification. Support IT team to bring controlled environment, implement DLP based on data classification. Assists with the evaluation of the effectiveness of the information security program by developing, monitoring, gathering, and analyzing information security and compliance metrics for management.

Conduct regular risk assessments to identify and prioritize potential security risks across the organization, including data breaches, system vulnerabilities, and non-compliance issues.

Monitor compliance with relevant regulations and industry standards such as ISO 27001, GDPR, NIST800-53, and internal policies by reviewing procedures and conducting control testing. Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS).

Identify gaps in existing controls and recommend remediation actions to addressidentified risks and ensure compliance.

Contribute to the development and maintenance of security policies and proceduresto mitigate risks and promote compliance. Manages an exception review and approval process, and assures exceptions are documented and periodically reviewed.

Assist in incident response activities by analyzing security incidents, identifying rootcauses, and coordinating remediation efforts.

Generate reports on risk assessments, compliance status, and key performance indicators (KPIs) to communicate findings to management and stakeholders.

Collaborate with internal and external auditors by providing documentation and supporting evidence for compliance audits.

Communicate effectively with different departments within the organization to ensure understanding of GRC requirements and promote a culture of compliance.

Understanding of information security concepts, network infrastructure, system administration, and cybersecurity best practices.

Familiarity with relevant regulations and industry standards related to data privacy, financial reporting, and cybersecurity.

Ability to analyze complex data, identify trends, and assess potential risks. Developsreporting metrics, dashboards, and evidence artifacts.

Excellent written and verbal communication skills to effectively present findings andrecommendations to stakeholders.

Meticulous attention to detail to ensure accuracy in compliance assessments andreporting.

Work is performed in an office environment or using standard information technologyequipment combined with specialized information security products.Working conditions may require various shifts and/or weekends to provide incident responseoperations, business continuity plans, or disaster recovery operations.There is occasional travel between campuses or to off-site meetings.

Associate’s degree in computer information systems or related discipline.Minimum 10 years of applied work experience in cybersecurity programs, audits, assessments, risk, remediation, or cybersecurity compliance management.

Certified Information Systems Auditor (CISA) / Certified in Risk and Information Systems  Control (CRISC)

ONX is proud to be an equal opportunity workplace and is an affirmative action employer. We are committed to equal employment opportunity regardless of race, color, ancestry, religion, sex, national origin, sexual orientation, age, citizenship, marital status, disability, gender identity or Veteran status.