Governance & Risk Lead

Zscaler Softech
Pune · 7-10 LPA · Posted 18 Jun 2025
FULL TIME
technology risk
Information Security
Data Security
Cyber Security
Risk Assessment

Job Description

What you'll do

  • Develop the culture of risk management across the organization, and ensure effective identification, quantification, communication, and management of risks focusing on root cause analysis and resolution recommendations across domains – Cyber, HR, Legal, Finance, etc.
  • Proactively monitor and evaluate control effectiveness, identify gaps, and recommend enhancements to strengthen risk posture and regulatory compliance.
  • Provide SME support to functional managers and internal stakeholders in understanding and applying their responsibilities for risk and compliance, providing recommendations as appropriate.
  • Support the CIO and CISO, and work with internal stakeholders to:
  • Participate in consultation and conduct gap analysis against new requirements.
  • Coordinate and facilitate IT / cyber security audits.
  • Support Risk Owners and Tech teams in documenting control procedures, guidelines, etc.
  • Ensure risk and control activities are completed in a timely and appropriate manner applying the correct governance route.
  • Report and publish Risks to senior leadership inclusive of providing content for Senior Leadership risk and control review forums/Committees.
  • Ensure all governance attestations and sign-off from Senior leadership are completed including the conduct risk measures.
  • Coordinate and track the tickets / findings in areas like IT Operational Risks and Information Security Risks, Control Self-assessments, Internal/External Audit findings with appropriate CAPA, BCP / Disaster recovery, Problem tickets with root cause analysis.
  • Audit event co-ordination, Audit liaison, and issue closure oversight (SOC 2 Type 2, ISO 27001, etc.).
  • Lead pre-audit preparation activities with stakeholders (SOC 2 Type 2, ISO 27001, etc.).
  • Provide first line of defense support in assessing risk and reviewing control issues.
  • Documentation of control procedures, standards and guidelines, etc.

What you'll bring

  • Bachelor's degree in IT or relevant field with a strong academic background.
  • A minimum of 7-10 Years of experience in Risk management and internal controls governance.
  • Strong communication and strategic influencing skills. Relevant experience working with senior leaders, building internal networks, and delivering high-impact programs in complex, matrixed environments.
  • Formal training or certification in Information Security, and/or 5+ years of experience or equivalent expertise in technology risk management, information security, or related field, emphasizing risk identification, assessment, and mitigation.
  • Familiarity with risk management frameworks, industry standards, and financial industry regulatory requirements.
  • Proficient knowledge and expertise in data security, risk assessment & reporting, control evaluation, design, and governance, with a proven record of implementing effective risk mitigation strategies.
  • Proficient in MS Office productivity suite (e.g., Word, Excel, PowerPoint, SharePoint). Advanced Excel skills strongly preferred.
  • CISM/CRISC/CISA/CISSP/CIA/MBA or relevant Risk Management / Audit certification.
  • Basic working knowledge of the following (the majority of the points, if not all):
      • COBIT – Control Objectives for Information and Related Technology
      • ISO/IEC 27001:2013 – Code of Practice for Information Security Management
      • NIST SP 800-53
      • NIST CSF
      • SOC1/SOC2/SOC3
      • HIPAA/HITECH Security and Privacy Audit Protocol
      • Shared Assessments Standard Information Gathering (SIG) framework
      • US SOX – Sarbanes-Oxley Act
      • US HIPAA/HITECH Act
      • EU GDPR – General Data Protection Regulation
      • US-EU Privacy Shield
      • India Companies Act

Additional Skills

  • Demonstrated ability to influence executive-level strategic decision-making and to translate technology insights into business strategies for senior executives.
  • Program level management up to and including Executive presentation and reporting.
  • Knowledge and Experience of Technology Infrastructure. Understanding of Infrastructure Security.
  • Stakeholder management.
  • Willingness to adapt to evolving industry standards and technologies.
  • Ability to manage a wide variety of tasks and meet deadlines, and reliability/dependability.
  • Proven ability to work creatively and analytically in a problem-solving environment.