Role DescriptionWe are seeking a skilled and experienced professional with expertise in the IT GRC domain to join our team as part of Virtusas Enterprise Applications Group. The ideal candidate will play a key role in maintaining, improving, and ensuring the continued effectiveness of internal controls, managing IT risk, and supporting ongoing compliance efforts across the organization. You will collaborate closely with multiple Virtusa teams, as well as internal/external auditors, to safeguard company assets, ensure adherence to established IT GRC standards, and continuously improve the IT General Controls and Cybersecurity frameworks, including data privacy.Key ResponsibilitiesEnsure timely execution of internal controls, as well as the completion of IT risk and data privacy assessments.Identify corrective actions and monitor remediation efforts to resolve internal control issues and open risks promptly.Collaborate with internal and external auditors to ensure compliance with audit and cybersecurity requirements.Contribute to the development of IT GRC standards, with a focus on data privacy and cybersecurity.Recommend improvements to existing processes and internal controls to safeguard company assets.Qualifications and Skills:Bachelors degree in Information Technology, Cybersecurity, or a related field.Minimum 5 years of professional experience in IT GRC, Cybersecurity, or IT Audit.Professional certifications such as CISA, CISM, and/or CISSP will be an added advantage.Experience with Sarbanes-Oxley compliance (SOX) and/or Information Technology General Controls (ITGC), including control execution, testing, documentation, and remediation.Excellent working knowledge of NIST Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and GDPR compliance.Broad, high-level understanding of IT systems and infrastructure, including networking, servers, hardware, databases, and cloud applications (SaaS/PaaS/IaaS).Exceptional attention to detail with a commitment to excellence.Ability to manage multiple tasks/projects and prioritize effectively.Excellent verbal and written communication skills, with the ability to engage effectively with management.Collaborative team player with a proven ability to work effectively with others.
Key Responsibilities Ensure timely execution of internal controls, as well as the completion of IT risk and data privacy assessments. Identify corrective actions and monitor remediation efforts to resolve internal control issues and open risks promptly. Collaborate with internal and external auditors to ensure compliance with audit and cybersecurity requirements. Contribute to the development of IT GRC standards, with a focus on data privacy and cybersecurity. Recommend improvements to existing processes and internal controls to safeguard company assets.
Qualifications and Skills: Bachelors degree in Information Technology, Cybersecurity, or a related field. Minimum 5 years of professional experience in IT GRC, Cybersecurity, or IT Audit. Professional certifications such as CISA, CISM, and/or CISSP will be an added advantage. Experience with Sarbanes-Oxley compliance (SOX) and/or Information Technology General Controls (ITGC), including control execution, testing, documentation, and remediation. Excellent working knowledge of NIST Risk Management Framework (RMF), NIST Cybersecurity Framework (CSF), ISO/IEC 27001, and GDPR compliance. Broad, high-level understanding of IT systems and infrastructure, including networking, servers, hardware, databases, and cloud applications (SaaS/PaaS/IaaS). Exceptional attention to detail with a commitment to excellence. Ability to manage multiple tasks/projects and prioritize effectively. Excellent verbal and written communication skills, with the ability to engage effectively with management. Collaborative team player with a proven ability to work effectively with others
