CRO (Cyber Risk & Data Privacy) – Job Description

Location: Chennai, Bengaluru, Mumbai, Pune, Kolkata, Hyderabad, Delhi, Gurgaon, Noida
Experience: 8–15 years
Preferred Certifications: ISO 27001, ISO 27701, CISA, CRISC, CISM, CISSP, Cloud & AI certifications (Prisma, AWS, Azure, GCP)

I) Cyber / IT / Technology / Application / Information Security Risk
• Strategy: Define and implement cybersecurity and information security strategies aligned with business objectives. Establish frameworks, KRIs, KPIs, and dashboards for Lines of Defence.
• Risk Management: Conduct assessments, identify gaps, score risks, and recommend mitigations and improvements using industry standards and controls. Evaluate information security threats and their impact on clients' IT environment.
• Testing & Maturity: Evaluate ISMS controls, test operating effectiveness, and provide maturity analysis.
• Stakeholder Engagement: Collaborate with executives and IT teams; communicate complex concepts clearly to non-technical audiences.
• Governance & Compliance: Implement robust GRC structures ensuring adherence to regulations (GDPR, NIST-CSF, NIST 800-53, ISO 27001, DORA, ISO 42001, SOX/SOC 2, PCI-DSS).
• Cyber Resilience: Enhance organizational cyber resilience and risk posture.
• Risk Quantification: Proficiency in quantitative risk analysis methods (e.g., FAIR) and CRQ tools.
• Reporting & Metrics: Design reports, dashboards, and risk metrics for management and LODs.
• Innovation: Drive automation and AI adoption in risk management, including GenAI and agentic AI.
• Tools: Proficiency in cybersecurity and GRC platforms.

II) Data Privacy Risk
• Strategy & Compliance: Develop privacy programs, policies, and strategies aligned with regulations (GDPR, CCPA, PDPA, ISO 27701, PIPEDA, Australian Privacy Act).
• Risk Management: Perform audits, DPIAs, and risk assessments; report gaps and recommend mitigation; evaluate data privacy threats and their impact on clients' IT environment.
• Communication: Effectively engage technical and non-technical stakeholders.
• Tools: Familiarity with data privacy GRC tools.

III) Cloud Risk
• Assessment: Identify and mitigate risks in cloud adoption and operations; assess cloud security posture and provide solutions for improvement.
• Compliance: Ensure adherence to ISO 27017, ISO 27018, CSA CCM.
• Technical Expertise: Strong knowledge of AWS, Azure, GCP, cloud risk tools (ServiceNow, OneTrust, BigID, Archer), and CSPM tools.
• Communication: Deliver clear, actionable insights.

IV) AI Risk
• Compliance & Risk Management: Conduct AI compliance and security audits, pre-implementation reviews, and privacy assessments (ISO/IEC 42001, NIST AI RMF, EU AI Act).
• Governance: Develop frameworks, strategy, and governance model for responsible AI systems.
• Tools: Experience with AI risk management platforms (e.g., ServiceNow, MetricStream).