Job Overview
We are looking for a highly skilled IT Governance, Risk and Compliance (GRC) to manage information security and compliance initiatives by supporting our NIST CSF, ISO 27001, GDPR, DPDP Act, TPRM and other related programs, while driving risk management, audit readiness and continuous process improvement.
Key Responsibilities
-
Manage IT Compliance programs and support IT/ Security initiatives, including NIST CSF 2.0, ISO 27001:2022, GDPR, DPDP Act and other similar standards and frameworks
-
Manage internal and external audits, including coordination with auditors, evidence collection, and remediation of findings.
-
Drive IT risk assessments, vendor risk management, and corrective action plans.
-
Collaborate with IT, security, and product teams to ensure operational practices meet compliance requirements.
Skills & Qualifications Required
-
5+ years of experience in IT Audit, IT Risk, GRC, or Information Security.
-
Strong understanding of IT general controls, security operations, and data protection requirements.
-
Experience with IT audit management, evidence collection, and control testing.
-
Experience with end to end Third-party risk management including tiered vendor reviews, security questionnaires, risk scoring, and ongoing monitoring.
-
Hands-on knowledge of NIST CSF, NIST SP 800-53 and ISO 27001.
-
Knowledge of Cloud fundamentals (AWS), SaaS models, and modern infrastructure
-
Excellent communication, documentation, and stakeholder management skills.
-
Strong analytical and problem-solving abilities.
-
B.E / B.Tech - IT /CS
Good to Have
-
Prior security engineering or application security background before moving into GRC
-
Experience in a regulated sector (Banking, Fintech, Insurance) or Big 4 Audit (IT Risk advisory) is highly preferred.