Role- Assistant Vice President (GRC Head)-Infosec Team
Location- Gurgaon
Work Model- 5 days from Office

Company Description
Nykaa is a digitally native, consumer-tech company that offers a wide range of beauty, personal care and fashion products. Since its inception in 2012, Nykaa has disrupted the beauty retail market in India and captured the hearts of millions of customers. Besides offering engaging and educational content, we have diversified our offerings through other online platforms like Nykaa Fashion, Nykaa Man, and Superstore.

Key Words - NIST, Cert-In, ITGC Audit, InfoSec Risk Assessment, ISO 27001 implementation

Key Responsibilities
Maintain a robust GRC & Data Protection program that aligns with organizational goals and objectives.
Developing and implementing InfoSec policies, procedures, and standards.
To assess the security posture of the organization by using Cyber-Security Framework such as NIST.
Ensuring that information security risks are identified, assessed, and managed appropriately, and that appropriate controls are in place to mitigate these risks.
Establishing and maintaining relationships with stakeholders across the organization, including senior leadership, business units, and other key stakeholders, to promote information security best practices and awareness.
Leading the information security awareness and training programs for employees to ensure that they understand their roles and responsibilities in maintaining the security of information assets.
Ensuring that the organization is compliant with relevant laws, regulations, and standards related to information security, such as IT Act, Cert-In, PCI, etc.
Lead the implementation of ISO 27001 Information Security Management System.
Govern the third-party risk management program, ensuring comprehensive assessment, monitoring, and mitigation strategies to safeguard the organization.
Set governance rigor including regular updates for management, publishing dashboards including metrics for monitoring effectiveness of the organization's information security program.

Qualification/Skill
Graduate in Computer Science, Information Security.
Relevant certifications (e.g., CISSP, CISM, CISA) are a plus.
9+ years in Information Security with minimum 5 years of experience in GRC.
Experience in managing vendor risk management program.
Strong understanding of information security principles, risk management, and compliance requirements.
Experience with industry frameworks and standards (ISO 27001, NIST, etc.).
Excellent communication and interpersonal skills, with the ability to collaborate with cross-functional teams.
Demonstrated ability to lead and drive change within an organization.
Strong analytical and problem-solving skills.
Ability to handle confidential information.
Ethical, with the ability to remain impartial and report all noncompliance.
Organizational skills with attention to detail.

Job Title
Assistant Vice President- GRC