Nissan is a pioneer in Innovation and Technology. With a focus on Mobility, Operational Excellence, Value to our Customers, and Electrification of vehicles, you can expect to be part of a very exciting journey here at Nissan. Nissan is going after a massive Digital Transformation backed by leading technologies across the organization globally. We are committed to building a diverse, entrepreneurial organization, and our current team is strong evidence of that. Our people are what drive the business forward. At Nissan Digital, you will be part of a dynamic team with ample opportunities to grow and make a difference. Position Description Information Security risk assessments help review system/application/vendor architecture and controls from a perspective of cyber security risks and help provide recommendations to mitigate the identified risks. Manager Information Security GRC is responsible for maintaining a robust Risk Management framework by evaluating applications hosted on prem or cloud, systems and external vendors to help reduce the security risks from cyber threats by highlighting remediation measures and advising on implementing corrective controls. Responsibilities Lead risk management program, planning and implementing compliance and risk assessment activities. This includes exception handling, Business Impact Assessment (BIA), and Business Continuity Planning (BCP). Security documentation governance - create, review, revise, and publish documents. Foster and sustain a positive security culture through security awareness initiatives Support the development of the GRC framework and ensure its proper operation; define and formulate the necessary processes related to GRC. Review risk exceptions per security processes, maintain risk register, and liaise with business units for tracking and closure. Support emergency security response in the event of a company-wide security incident or discovery of a significant security risk. Build, review, and sustain information security metrics program with periodic dashboards and reports to management. Serve as subject matter expert on Nissan security policy, processes, standards and best practices. Competency Requirement Manager Information Security GRC should have extensive experience in the coordination of program. Perform risk assessments on systems, applications, and vendors and track open findings with business units for remediation and closure. Experienced in the development and implementation of information security policies, standards, and related procedures for security programs Experienced in cloud security assessments and defining security controls. Ability to assess environments against a wide variety of security, privacy, and compliance frameworks - ISO27001, NIST CST, SOC2, CMMC, WP29/UN-R155 Experienced in third-party risk assessment - program management, reviews, and closure Ability to handle end-user queries on information security matters independently Hands-on experience in security GRC workflow process automation tools like OneTrust, RSA Archer, etc Working knowledge of Cyber and Cloud Security risks and controls Security operations System security engineering Application Architecture reviews, SDLC, security tools and technologies CSA Cloud Controls Matrix Phishing simulation exercises GDPR, SOX, PCI-DSS, SOC2, ISO 27001, Indian Digital Protection Data Protection Act NIST Cybersecurity Framework GRC (governance, risk management, compliance) - ITGC Familiarity with automotive security standards like ISO/SAE 21434, UNECE WP.29 R155 CSMS Experience 10 to 12 years experience in Cyber Security GRC with specific experience in systems risk and operational risk management Desired Certifications & Skills CISSP, CISM or CISA Foundational certifications on cloud platforms Good understanding of GDPR and privacy regulations Qualifications B.E / B-Tech / MCA Trivandrum Kerala India