What success looks like in this role:
- External Audits
- Programs manage external audits for ISO standards – ISO 27001, ISO 22301, ISO 9001, ISO 20000 and SSAE18 SOC 1 Type II assessments
- Govern engagement with external audit partners to ensure audits are completed as per plan
- Ensure alignment with internal stakeholders to support the audit activities
- Third Party Risk Management
- Govern TPRM program in collaboration with Unisys Procurement
- Manage TPRM team and ensure TRPM process is completed effectively and efficiently
- Review supplier contracts and ensure security requirements are aligned with Unisys security policy and controls
- Internal Risk Management
- Maintain Unisys GIS Security Risk Register.
- Collaborate with BU’s/BISO’s and other functions to ensure timely updates to the Risk Register
- Manage Unisys Security Policy Exception program
- Chair Exception Review Board meetings
- Security Awareness Training
- Manage Security Awareness Training program
- Engage internal stakeholders to identify training modules
- Ensure training campaigns are designed and launched as per plan
- Design and deploy program status reports for Unisys management
#LI-SP2
You will be successful in this role if you have:
Experience
- The candidate should have 15-20 years of work experience in the IT industry with at least 10+ years in the Information Security domain and at least 5 years in the GRC domain
- Preferred background before moving to GRC are hands on experience in Application development or Systems Engineering or Infrastructure Eng /management
- Should have good understanding of Audit, Risk, Policy and Compliance
Qualifications and Certifications
- A bachelor's degree in engineering from a reputed institute. MTech or MBA will be an added advantage
- Excellent verbal and written communication skills
- Ability to communicate with Senior stakeholders
- Have knowledge of industry standards like ISO, SSAE18 SOC 1, SOC 2, PCI-DSS etc.
- CISSP/CISA/CISM certificate would be beneficial
- Knowledge of industry standards ISO 27001 and SSAE18 SOC 1 and SOC 2 is a must
- Knowledge of other industry standards PCI DSS, NIST 800-53, CIS Benchmarks, ISO 22301 etc. is preferable
- Understanding of Data Privacy controls, GDPR, Privacy Shield, governing laws and regulations
- Working knowledge of ServiceNow GRC module or reputed GRC tool is a requirement.
- Working knowledge of MS Office, SharePoint and Power BI tools
Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.
This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers. If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at GlobalRecruiting@unisys.com or alternatively Toll Free: 888-560-1782 (Prompt 4). US job seekers can find more information about Unisys’ EEO commitment here.
