*This position is also open to work remotely from anywhere in Mexico*
Who is Tech Mahindra?
At Tech Mahindra, we not only provide Agile and DevOps methodologies to our customers, we have adopted the same within the company as well. Our nimble processes are not mired in red tape, yet they are robust, flexible and result-oriented. We are Software Engineers, Technical Architects, Cloud and DevOps specialists. But most important, we are dreamers, creators and challengers. Each day, we strive to make great come alive. Our motto: “work smart and play hard”.
Our technology partners are HashiCorp, CloudBees, Chef, PagerDuty, Docker and SAP.
We are always looking for the brightest candidates to join us, and we offer a work environment with everything you need to be your best. Does Ambition, Success, Fun, Friends & Learning define your idea of a career? Join us and be part of our family!
We’re looking for a Cybersecurity GRC Specialist
**Role Overview:**
We are seeking a highly skilled and motivated Third-Party Risk Management, Cyber Security Governance, Risk & Compliance Specialist to join our team. The ideal candidate will have extensive experience in Third-Party Risk Management (TPRM), policy exception handling, and setting up risk and compliance frameworks and processes. This role requires a strong understanding of risk domains, regulatory compliance, and industry best practices. The candidate should be capable of leading client engagements from a GRC perspective and possess excellent interpersonal skills.
**Key Responsibilities:**
– Implement and manage TPRM end-to-end processes, including policy exception handling and cyber security governance.
– Execute risk and compliance assessments, and drive remediation activities.
– Understand and manage cyber risk domains such as access control, operational security, data protection and privacy, vulnerability management, backup and recovery, application security, and business continuity.
– Ensure compliance with various regulatory requirements (e.g., HITRUST, PCI DSS).
– Apply industry best practices (e.g., ISO 27001, NIST, COBIT) in designing and documenting GRC processes and assessment frameworks.
– Archer knowledge is mandatory.
– Understand and manage application security risks and controls.
– Lead client engagements from a GRC perspective, demonstrating strong ownership and high impact.
**Qualifications:**
– Degree in Information Systems, Computer Science, or equivalent experience.
– Advanced degree in Engineering, Cybersecurity, Information Assurance, Information Security, Information Systems, or Computer Science is preferred.
– Relevant certifications such as ISO 27001, CRISC, CISA, CISSP, or the willingness and motivation to obtain similar certifications.
– Strong interpersonal skills and the ability to work collaboratively with clients and team members.
**Preferred Skills:**
– Experience in Supplier Risk Management.
– Expertise in Control Testing.
– Proficiency in Policy Exception Handling.
This position offers a unique opportunity to contribute to our cyber security governance and risk management efforts, ensuring our clients maintain robust and compliant security postures.
What you can expect from us
At Tech Mahindra, what distinguishes us from other teams is the comfortable environment, which engenders trust within teams and with our customers. Trust and openness lead to quality, innovation, commitment to deliverables, efficiency and cost-effectiveness for all our customers.
- Work with some truly remarkable IT engineers, architects, specialists and more.
- We’re growing at a phenomenal pace and we’d like some company.
- We hear your voice, nurture your talent and help you strengthen your footprint!
- Benefits above those required by law
- Mentorship, and opportunities to grow and learn
If you apply for this opportunity, we will receive your resume, which contains personal data whose treatment has been authorized by its owner for Digital OnUs, S. de RL de CV (the “Company”). If you are not the owner of this information or have no relation whatsoever with the subjects treated in it, you are kindly requested not to make copies of it and/or its attached files and to delete it immediately, under the risk of being considered responsible for the unauthorized treatment of personal data in accordance with the Federal Law on Protection of Personal Data Held by Private Parties, its Regulations, and other applicable regulations. If you are the owner of personal data in possession of the Company and wish to obtain further information regarding the processing of your personal data or the exercise of your ARCO rights, please consult our integral privacy notice on the website https://www.digitalonus.com/privacy-policy/