IT Governance Risk & Compliance Senior Associate - Global
Dalberg Group
Job Title: IT Governance Risk & Compliance Senior Associate - Global
Business/Department: Global Shared Services
Job Category: Information Technology
Location: Asia-Pacific (multi-location); Johannesburg, ZA; Mexico City, MX; Mumbai, IN; New Delhi, IN
Closing Date: 16/11/2024
Job Description
Maximize your potential. Tackle the world’s toughest problems.
Build expertise in areas that matter to you. Become a global development leader.
ABOUT DALBERG
We are a global group working to build a more sustainable planet and inclusive societies where all people can thrive. As a diverse, purpose-driven community of professionals, we work in collaboration with local communities and global networks to create bold and equitable solutions and develop the next generation of impact leaders. Dalberg brings together strategy and management consulting, equity-centered community design, data, research, implementation, and communications to achieve its mission of solving the most pressing challenges of our time through systemic change. We are from everywhere, at home anywhere - an African and American company as much as an Asian, Latin American, Middle Eastern, and European one.
Dalberg is a place where a diverse mix of talented individuals are able to practice transparency and openness while maintaining independence of thought – whether it’s how you identify, where you come from, the languages you speak, the person you love, or the way you worship. Dalberg is a home where people feel safe, understood, nurtured, and encouraged to grow.
As a team of 640+ people from 55 countries, speaking over 90 languages collectively, with a 46%+ female leadership team, Dalberg places diversity, equity and inclusion principles at the heart of our organization and the work we do alongside our clients, partners and communities.
Established in 2001 by experienced private sector consultants, Dalberg operates from 25+ worldwide locations. For more information, please visit Dalberg.
ABOUT DALBERG ADVISORS
Dalberg Advisors is a strategic advisory firm combining the best of private sector strategy skills and rigorous analytical capabilities with deep knowledge and networks across emerging and frontier markets. We work collaboratively across the public, private and philanthropic sectors to fuel inclusive growth and help clients achieve their goals.
ABOUT OUR CLIENTS
Our clients come to us with some of the most difficult global problems, seeking solutions where the obvious ones have failed. We are entrepreneurs and innovators, designers and creative problem solvers, thinkers, and doers who supply new ideas, drawing from a deep base of knowledge that cuts across sectors and geographies and is growing every day. We partner with and serve communities, governments, and companies throughout the world. Some of our recent clients include foundations such as the Bill and Melinda Gates Foundation, corporations such as Pepsi and Vodafone, multilateral institutions such as the World Bank and the Inter-American Development Bank, UN Agencies such as UNICEF and the UNEP, and government agencies such as USAID and FCDO.
ABOUT YOU
We are seeking an individual for the role of IT Senior Associate - Global Governance Risk and Compliance in our Global Shared Services IT Team (GSS-IT) who can lead the identification of projects and collaborate with multiple pillars to enhance the standardization, efficiency, and maturity of the GRC function. Specifically, you are eager and able to demonstrate the competencies below:
- In-depth knowledge of ISO27001 and GDPR standard and control requirements.
- Knowledge of Data Privacy/GDPR concepts and controls.
- Experience in performing InfoSec compliance reviews/gap assessments.
- Prior experience facing or being part of internal/external audits related to ISMS or IT General controls (ITGC) tests.
- Understanding of structured and unstructured data types.
- Conceptual knowledge of data discovery, data retention, and data disposal lifecycle, etc., would be a plus.
- Exposure to, or at least a conceptual knowledge of, cloud environment security and VA/PT.
WHAT YOU WILL DO AND HOW YOU WILL GROW
Responsibilities:
- Design and establish a new security framework for various operational processes, procedures, standards, and guidelines for the IT Governance Program. This will include developing an Internal Controls framework and managing control lifecycles.
- Prepare and be responsible for maintaining the firm's ISMS policy/procedure documents after periodic review or any major changes in the process. Maintain an up-to-date repository of these policy documents on SharePoint.
- Facilitate and liaise with various stakeholders to close all audit findings within time.
- Achieving the ISO27000 standard certifications in the next 12-18 months.
- Assist in the implementation/enforcement of the security policy/procedure across the firm.
- Provide and support the implementation of IT GRC initiatives globally.
- Assist in developing, implementing, and supporting the improvement of the organization's information security Governance, Risk, and Compliance management strategy.
- Drive the infosec awareness program across the firm through training, awareness mailers, and other channels.
- Assist in security process automation initiatives whenever possible.
- Undertake the annual Business Impact Assessment (BIA) exercise to ensure business continuity.
- Identification of critical business applications and their RTO/RPO.
- Remain current with industry best practices and monitor the legal and regulatory environment for developments.
- Coordinating with multiple stakeholders at regional offices worldwide to ensure compliance and facilitate internal and external information security and data privacy audits.
- Undertaking periodic compliance reviews of all infosec controls against defined policies.
- Driving the remediation of control deficiencies.
- Communicating with senior internal stakeholders in our global management team to influence decisions and ensure work toward common objectives, including providing periodic status reports to Management on the firm's compliance status.
- Report to the Global IT Head
Minimum qualifications:
- A bachelor's degree in IT, cyber security, or a related field is required; a master's would be a plus.
- Minimum of 4 years of relevant experience working in cyber security/GRC/information security/ISMS implementation or sustenance role.
- Knowledge of security-related technologies (e.g., IDAM, PAM, Patch Management tools, DLP, Antivirus, Firewall, etc.)
- CISA, CISSP, CISM, or any other certification related to ISMS/information security would be a plus.
- Strong understanding of IT Infrastructure, including Cloud and M365 environments
- Experience in dealing with all levels of management, across teams /multiple stakeholders, across regions, and managing conflicts.
- Strong written and verbal communication skills with PPT and the ability to explain technical ideas to non-technical individuals at any level.
- Highly independent with high ethical standards and integrity
- Excellent interpersonal and relationship-building skills.
- Assessing the effectiveness of people initiatives, using feedback and data to drive continuous improvement
- Understanding retention challenges and developing creative retention strategies across cohorts and departments
- Designing, administering, and analyzing our employee engagement survey to help inform, develop, and implement broader people priorities to improve employee satisfaction that are aligned with broader business objectives.
What we offer:
- A highly collaborative and entrepreneurial organization that provides the platform to make an impact on day one
- A uniquely talented, diverse, passionate and fun team
- A culture supportive of employee work/life balance
- A deep commitment to diversity, equity, inclusion and anti-racism in our culture, beliefs, systems, and processes
- Competitive benefits and career development opportunities
JOIN OUR TEAM
Our current opportunities for this role are in our Mumbai, New Delhi, Mexico City, or Johannesburg locations. You must have authorization to work in the country to which you are applying.
We would love to see your resume, cover letter, and portfolio of relevant past work.
Please submit your application at our Career Centre by 11:59PM EST on 16th November 2024.
During the same recruitment period, please only apply to one position at Dalberg. This position should be the role best suited to your current professional experience and to your first preference location. You will have the opportunity to rank your next 2 location preferences within your application, in case there are openings in other offices.
Candidate applications will be considered on a rolling basis. Candidates selected for interviews will be invited for a number of interviews to test analytical and conceptual thinking skills through case questions, and to discuss interests and experience. A candidate’s specific title and level of entry will be assessed during the interview process.
Dalberg values its people and recognizes the importance of balancing professional and personal demands. Qualified and interested candidates irrespective of age, gender, race, religion, background, or ethnic affiliation are encouraged to apply for the vacancy.
We have also pledged to three commitments for Diversity, Equity and Inclusion (DEI) across the firm:
- COMMITMENT 1: We commit to publishing internal Dalberg DEI reports annually, to hold ourselves accountable, report on progress and share lessons from our regional DEI plans.
- COMMITMENT 2: We commit to delivering regular training for all staff (including leadership) on how to engender inclusive workplaces and mitigate unconscious bias.
- COMMITMENT 3: We commit to addressing imbalances in how power and privilege are formally distributed and informally exercised across the firm.
Owing to the large number of applications we receive, unfortunately only successful candidates will be contacted.