Job Description

About DruvaDruva enables cyber, data, and operational resilience for every organization with the Data Resiliency Cloud, the industry\'s first and only at-scale SaaS solution. Customers can radically simplify data protection, streamline data governance, and gain data visibility and insights as they accelerate cloud adoption. Druva pioneered a SaaS-based approach to eliminate complex infrastructure and related management costs and deliver data resilience via a single platform spanning multiple geographies and clouds. Druva is trusted by thousands of enterprises, including 60 of Fortune 500, to make data more resilient and accelerate their journey to the cloud.Visit and follow us on , , and .Establish a formal and robust Risk Management/Governance Program which will identify and assess risks to build realistic plans to remediate and sustain a control environment driven by multiple compliance frameworks.Responsibilities:Internal Audit

• Evaluate the adequacy and effectiveness of applicable policies, procedures, processes, systems and internal controls.
• Perform gap analysis on policy requirements aligned to various operational and Technology processes.
• Provide monitoring and independent oversight of the execution of technology, info security, and information management risk as they relate to policy and standards, including the independent oversight of the build out of a new front line process dedicated to the end-to-end risk management lifecycle.
• Develop, implement, and support an effective control review and challenge process to provide transparency, accountability and escalation of control effectiveness.
• Validate/evaluate appropriateness, completeness, effectiveness and sustainability of corrective actions taken to address situations defined as issues.

Risk ManagementStrategic Planning

• Provide input into the annual business strategy and planning processes to ensure strategic risks are identified, appropriately considered and documented.
• - Embedding an appropriate risk culture

Assessment

• Perform on-going monitoring and assessments of risks captured in the risk register to enable the identification of top risks, potential new risks or emerging risks
• Provide oversight and support to ensure the Company\'s risk appetite, control framework and policies are clearly documented, communicated and adhered to
• Create and maintain appropriate key risk indicators (KRIs) and trigger limits to track the trends in risk exposures.
• Ensure appropriate and insightful risk reporting including reporting to the Risk Committee and development and monitoring of KRIs
• Own allocated risks in the risk register and facilitate regular risk and control assessments. This may include strategic and operational (including data, IT and cyber security), risks.
• Monitor and assess operational risk exposures, events, business and IT incidents to ensure such cases are appropriately escalated.
• Support the business in development and implementation of appropriate risk controls to mitigate such incidents.

Collaboration

• Collaborate with internal partners to ensure effective key controls are appropriately designed and are operating effectively to mitigate identified risks in the risk register.
• Where relevant, partner with relevant business stakeholders to design and implement pragmatic recommendations and actions for reducing exposures to risk where these exceed appetite or tolerance, ensuring the timely communication of such with the Risk Owner.
• To lead and conduct risk assessments, reviews or investigations of topics that may arise from time to time. This may include risk assessments on important outsourcing or third-party risk management arrangements, second line of hot risk topics or areas of concerns, emerging risks, new business initiatives or regulatory topics.
• Lead, contribute and/or deliver risk training and awareness initiatives on behalf of the Risk team as may be required.

Skills

• Strong foundation with active experiences in delivering multiple frameworks including SOC2, ISO, CSA etc.
• Experience in a cloud environment like AWS being used as an IaaS.
• Relevant experience with risk frameworks like NIST RMF, FAIR model
• Experience in creating and delivering risk reports to senior management.
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills.
• Ability to work independently and as part of a team
• Strong attention to detail and organisational skills.
• Proficiency in risk management software and tools.
• Knowledge of regulatory requirements and industry standards.

Qualifications

• Bachelor\'s degree in any discipline with relevant experience in an information security environment.
• Relevant certifications in compliance, audit, cloud security, or related fields (e.g. CRISC, CISSP, CISM CISA, etc.)
• 10+ years experience with at least 5 years experience in risk management or relevant fields.

Druva