Role Purpose

　　The purpose of the role is to lead and manage securityrequirements and recommend specific improvement measures that helpsmaintain the Security posture of organisation

　　Do

　　Lead Risk and Compliance to protect sensitive information Drive Risk Management, Regulatory and Contractual compliance Diagnose the level of preparedness of the customer for cybersecurity and health and accordingly propose a solution to the client Build appropriate risk governance with client partners andinternal stakeholders and ensure customer policies and SOWrequirements are in line with the deliverables Govern design and rollout of Common Compliance frameworks Ensure policies, processes and standards are in place toidentify, assess, measure, manage and report risks Manage the security requirements including regulatoryrequirements as per the customer demands Monitor risk controls like access controls, backup, recovery,network security etc as per the client needs Act as point of contact for escalations on the risk managementframework and provide guidance / decisions as appropriate Act as the Subject Matter expert (SME) on risk for team anddrive actions required to ensure the businesses remain fully compliant Responsible for building, developing & maintaining effectiverelationships with Key stakeholders in Client Organisations, especiallyrelated to their Risk functions Ensure all required controls are implemented, documented andmonitored so as to ensure full audit compliance Coordinate with IT team members to ensure IT audit findings areaddressed in a timely manner Monitor overall cyber health of the customer and suggestcorrective measures to cyber security issues and provide timely support Team Management Team Management Clearly define the expectations for the teamAssign goals for the team, conduct timely performance reviews andprovide constructive feedback to own direct reports

　　Guide the team members in acquiring relevant knowledge and developtheir professional competence Educate and build awareness in the team in Wipro guidelines onrevenue recognition, pricing strategy, contract terms and RevenueAssurance ManualEnsure that the Performance Nxt is followed for the entire team Employee Satisfaction and Engagement Lead and drive engagement initiatives for the teamTrack team satisfaction scores and identify initiatives to buildengagement within the team

　　Stakeholder Interaction

　　Stakeholder Type

　　Stakeholder Identification

　　Purpose of Interaction

　　Internal

　　CRS practice team and delivery leadership

　　Reporting, governance and thought leadership

　　IT team

　　To understand IT systems and audit

　　Internal Legal Team

　　For discussing legal Practices

　　External

　　Customer

　　For risk assessment

　　Display

　　Lists the competencies required to perform this role effectively: Functional Competencies/ Skill Domain/Industry Knowledge - Awareness and knowledge ofCorporate IT Security ~ Contractual IT Governance & Compliance ~Data Protection ~ Privacy ~ IT General Controls ~ Internal &External IT Audits ~ Vendor Information Security Assessments ~ ThirdParty IT Security Assessment Programmes & IT Risk Reviews ~ ITConsulting ~ Client Relationship Management ~ Network Solutioning- Expert Leveraging Technology - In-depth knowledge of and mastery overecosystem technology that commands expert authority respect - Master Technical knowledge - Complete understanding of risk andcompliance audits((ISO27001, SOX, HIPAA, GLBA, PCI DSS, SSAE16 etc.) - Expert

　　Competency Levels

　　Foundation

　　Knowledgeable about the competency requirements. Demonstrates (inparts) frequently with minimal support and guidance.

　　Competent

　　Consistently demonstrates the full range of the competency withoutguidance. Extends the competency to difficult and unknown situations aswell.

　　Expert

　　Applies the competency in all situations and is serves as a guide toothers as well.

　　Master

　　Coaches others and builds organizational capability in the competencyarea. Serves as a key resource for that competency and is recognisedwithin the entire organization.

　　Behavioural Competencies Strategic perspectiveTechnology AcumenCommunication and Presentation SkillsProblem Solving approachManaging ComplexityClient centricity

　　Deliver

　　No.

　　Performance Parameter

　　Measure

　　1.

　　Adherence to established risk and compliance framework

　　Reported incidents, no. of major security incidents, cost perincident, meeting regulatory requirements, appropriate management ofcustomer impact, mean time to detect (MTTD), mean time to resolve(MTTR), cyber security training

　　2.

　　Disaster recovery

　　Number of risks identified and mitigated, timely solution to securitybreaches

　　GRC Process