Senior Cyber Organization alignment & Compliance Specialist

Advansys is a dynamic solutions provider focused on delivering smart, modular, and sustainable technology solutions that enhance operations, improve customer experiences, and drive business modernization. With over 400 skilled engineers, we serve 100+ enterprise customers across 14 countries. Specialized in a wide array of premium services including Business Automation, Industrial Digitization, Low code Development, Cloud Services, Warehouse Automation & Strategic Outsourcing.

Founded in 2014, Advansys is part of the INTRO Group, a private conglomerate established in 1980 with diverse investments across different business areas, oil and gas, real estate, specialized engineering, financial investment, Food & manufacturing.

Governance, Risk, Compliance: 

• Ensure compliance with policies, regulatory requirements, and industry standards. 

• Identify, assess, and manage information security risks. 

• Ensure adherence to internal and external compliance requirements. 

Policy Exception Management: 

• Develop and maintain a comprehensive process for managing policy exceptions, including documentation, expiration date and approval workflows. 

• Ensure all policy exceptions are properly documented, reviewed, and approved in accordance with organizational standards. 

• Perform risk assessments for proposed policy exceptions to evaluate their potential impact on compliance and security.  

• Work with stakeholders to communicate policy exception process, develop compensating controls for policy exceptions, and ensure timely closure. 

• Regularly review and monitor granted exceptions to ensure compliance with the terms and conditions. 

• Conduct periodic audits to assess compliance with approved exceptions and identify deviations for remediation.  

Risk Control Self Assessments  

• Coordinate and ensure regular risk control self-assessments across various business units to identify and evaluate potential risks. 

• Compile and analyze assessment results and prepare detailed reports with actionable insights and recommendations. 

• Perform follow-ups to verify the effectiveness of implemented controls and risk mitigation measures. 

Offshoring Reporting 

• Maintain accurate and timely reporting of offshoring activities 

• Ensure alignment with regulatory reporting requirements, and supporting the organization’s compliance posture concerning offshore operations 

• Establish streamlined reporting mechanisms that meet both internal and external requirements. 

• Assess and manage the risks associated with offshoring arrangements. Ensure that appropriate controls and mitigations are in place to address any regulatory or compliance risks tied to offshore activities. 

ISG Service Portfolio Management: 

• Develop and maintain a comprehensive service catalog that accurately reflects the services offered by ISGRegularly review and update the service catalog to ensure it aligns with business needs and technological advancements 

• Monitor the performance of ISG services to ensure they meet established service level agreements (SLAs) and key performance indicators (KPIs). 

• Compliance Management  

• Oversee the implementation and management of information security compliance across the bank, ensuring alignment with regulatory requirements and industry standards 

• Identify relevant regulatory obligations related to information security and ensure appropriate actions are taken to meet these requirements. 

• Manage and track compliance incidents and exceptions, ensuring proper documentation and resolution through GRC systems. 

GRC Function Automation:  

• Be the owner of the bank’s GRC platform for ISG and oversee the management of the bank’s IS GRC solution.  

• Oversee the administration, configuration, and maintenance of the GRC platform to ensure optimal performance and availability 

• Enable centralized knowledgebase and GRC solution to automate Information Security activities and governance process with a centralized risk register, risk reports and dashboards related to overall risk posture for specific location and business unit.  

• Automate the GRC functions and reduce manual efforts to provide near real time insights into risks by performing quantitative and qualitative assessments.  

• Support local CISO’s / IS SPOCs in regulatory audit discussion and data required from ISG and enabling the local CISOs with Archer access to onboard the open issues for centralized tracking and governance. 

• Ensure that the solution is effectively used to support the organization’s information security governance, risk, and compliance activities 

Essential knowledge 

• Have around 10+ years of experience in a Banking environment and over 3 years of experience in information security.  

• Familiarity with information security technologies, risk, threat and vulnerability assessments, and security measures.  

• Experience with governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, GDPR, PDPL). 

• Hold professional certifications (e.g., CISA, CISM, CISSP, CRISC) 

Skills and Application  

• Strong communication and interpersonal skills. 

• Ability to manage multiple projects and priorities. 

• Proficiency in security tools and technologies. 

Strategic Insight 

• Foster a culture of security awareness and compliance within the organization. 

• Continuously improve the information security posture of the organization. 

• Ensure that information security risks are effectively managed and mitigated.