Job Description

Job Summary
The GRC professional will support the organization in establishing, maintaining, and improving governance frameworks, risk management processes, and compliance programs. The role involves policy management, risk assessments, audits, regulatory compliance, and coordination with internal and external stakeholders.
Key Responsibilities
Governance
- Develop, review, and maintain information security and IT governance policies, standards, procedures, and guidelines
- Ensure alignment of policies with business objectives and regulatory requirements
- Support corporate governance initiatives and internal control frameworks
Risk Management
- Conduct IT and information security risk assessments and document risk registers
- Identify, analyze, and evaluate operational, IT, and compliance risks
- Support risk treatment plans and track remediation activities
- Assist in Business Impact Analysis (BIA) and risk reporting to management
Compliance
- Ensure compliance with standards and regulations such as:
  - ISO 27001 / ISO 27701
  - SOC 1 / SOC 2
  - GDPR / DPDP Act (India)
  - PCI DSS (if applicable)
- Coordinate internal and external audits and compliance assessments
- Track compliance gaps and follow up on corrective actions
Audit & Assessments
- Plan and execute internal audits and control assessments
- Support third-party/vendor risk assessments
- Collect audit evidence and maintain compliance documentation
- Respond to audit queries and ensure timely closure of observations
Awareness & Reporting
- Conduct security and compliance awareness sessions for employees
- Prepare dashboards, metrics, and compliance reports for management
- Maintain GRC documentation and compliance trackers
Skills & Competencies
Technical Skills
- Strong understanding of GRC frameworks (ISO 27001, NIST, COBIT, ITIL)
- Experience with risk assessment methodologies
- Knowledge of regulatory and legal compliance requirements
- Familiarity with GRC tools (ServiceNow GRC, Archer, MetricStream preferred)
Soft Skills
- Strong analytical and problem-solving skills
- Good documentation and reporting skills
- Effective communication with cross-functional teams
- Attention to detail and ability to manage multiple compliance activities
Certifications (Preferred)
- ISO 27001 Lead Implementer / Lead Auditor
- CISA / CRISC
- CISSP (added advantage)
