hirist

Job Description



We are seeking a motivated and skilled GRC professional to join our team. As a GRC Analyst, you will be responsible for managing cybersecurity risks, conducting compliance assessments, and implementing security policies based on industry best practices, including ISO 27001/22301 and RBI/SEBI guidelines. This role offers an excellent opportunity to build and enhance your skills in the rapidly evolving field of cybersecurity governance, risk management, and compliance.


Key Responsibilities :


- Compliance & Regulatory Oversight: Ensure compliance with applicable laws and regulations, such as RBI/SEBI cybersecurity guidelines, GDPR, DPDP, and other local and international frameworks.


- Risk Management: Assist in conducting risk assessments to identify, evaluate, and prioritize risks related to information security and business operations.


- Audit Support: Support internal and external audits by preparing documentation, coordinating audit activities, and ensuring compliance with cybersecurity policies and standards.


- Cybersecurity Program Management: Work closely with IT, legal, and other stakeholders to integrate cybersecurity risk management into business processes, ensuring alignment with organizational goals.


- Policy Development & Training: Contribute to the development of information security policies, procedures, and guidelines, and assist in delivering training programs to raise awareness of security best practices across the organization.


- Continuous Improvement: Collaborate with various teams to assess the effectiveness of existing controls and propose improvements to enhance the organization's cybersecurity posture.


- Reporting & Documentation: Maintain clear and comprehensive documentation of risk assessments, compliance activities, audits, and incident reports to provide transparency to senior leadership and regulatory bodies.


Qualifications :


- 2-5 years of hands-on experience in Governance, Risk, and Compliance (GRC) roles.


- Good understanding of information security principles, controls, risk management methodologies, compliance, and audits.


- Hands-on experience implementing two or more standards such as ISO 27001/2, ISO 22301, SOC 2, PCI DSS, NIST standards on Cyber Security, HITRUST, DPDP, HIPAA, GDPR, etc.


- Third-party Risk Management (TPRM)


- Strong analytical skills and attention to detail in identifying security vulnerabilities and assessing compliance gaps.


- Excellent written and verbal communication skills to prepare reports and deliver presentations.


- Cloud Expertise (AWS/Azure/GCP)


- Security Certifications are preferred.

