hirist

Cyber Security Risk & Compliance Lead

TECHOAKS IT SOLUTIONS PRIVATE LIMITED
Hyderabad
5 - 10 Years

Posted on: 19/08/2025

Job Description

Cybersecurity Risk & Compliance Lead

Location : Hyderabad

Onsite : 5 Days a Week

Key Responsibilities :

1. Governance :


- Develop, implement, and maintain the organization's GRC framework, policies, and procedures.

- Support security governance activities and ensure alignment with corporate objectives.

- Maintain documentation and records to demonstrate compliance with regulatory and contractual obligations.

2. Risk Management :

- Conduct periodic risk assessments, identify gaps, and recommend mitigation strategies.

- Maintain and update the enterprise risk register.

- Collaborate with business units to assess and track remediation of identified risks.

3. Compliance :

- Monitor adherence to relevant frameworks and regulations (e.g., SOC 2, ISO 27001, GDPR).

- Prepare for and support internal and external audits, including evidence collection and control testing.

- Conduct policy reviews and ensure staff awareness and training on compliance requirements.

- Track regulatory changes and assess their impact on organizational compliance posture.

4. Reporting & Metrics :

- Generate compliance and risk management reports for management and stakeholders.

- Provide regular updates on GRC activities, audit findings, and remediation progress.

5. Continuous Improvement :

- Recommend and implement process improvements to enhance efficiency and effectiveness of GRC activities.

- Stay updated with industry best practices and emerging compliance technologies.

- Lead comprehensive security assessments, including risk assessments, vulnerability assessments, and penetration tests to identify and mitigate security risks.

- Implement the controls required to stay compliant with DPAs signed with our clients, ensure the necessary documentation and training, and handle incidents as per the controls in these agreements.

- Develop and implement information security policies, standards, and procedures in accordance with industry best practices and regulatory requirements.

