Posted on: 08/04/2026
Description :
Job Summary :
- Lead the design, implementation, and continuous improvement of the GRC framework across the organization
- Conduct enterprise-wide risk assessments and develop risk mitigation strategies
- Ensure compliance with industry standards and regulations such as ISO 27001, SOC 2, GDPR, HIPAA (as applicable)
- Develop, review, and maintain information security policies, procedures, and controls
- Manage internal and external audits, including preparation, coordination, and remediation tracking
- Identify compliance gaps and drive closure through cross-functional collaboration
- Monitor regulatory changes and assess their impact on the organization
- Lead third-party/vendor risk management and due diligence processes
- Define and track key risk indicators (KRIs) and compliance metrics
- Provide regular reporting to senior leadership on risk posture and compliance status
- Conduct security awareness and compliance training programs across teams
- Work closely with IT, Legal, Product, and Business teams to embed compliance into processes
- Support incident management and ensure compliance with reporting requirements
Required Skills & Qualifications :
- 8 to 9 years of experience in Governance, Risk, and Compliance, Information Security, or a related domain
- Strong knowledge of risk management frameworks (e.g., ISO 27001, NIST, COBIT)
- Hands-on experience in audit management and compliance programs
- Understanding of regulatory requirements such as GDPR, HIPAA, PCI-DSS (as applicable)
- Experience in vendor risk management and third-party assessments
- Strong analytical, problem-solving, and stakeholder management skills
- Excellent communication and documentation skills
Preferred Qualifications :
- Certifications such as CISA, CISM, CRISC, ISO 27001 Lead Auditor/Lead Implementer
- Experience with GRC tools such as Archer, OneTrust, ServiceNow GRC, or similar platforms
- Exposure to cloud security frameworks (AWS, Azure, GCP compliance standards)
- Experience in handling large-scale audits and enterprise risk programs
Key Competencies :
- Leadership and team management
- Strategic thinking and risk-based decision making
- Attention to detail and governance mindset
- Ability to influence stakeholders and drive compliance culture
- Strong project management capabilities
What Success Looks Like :
- Strong, audit-ready compliance posture across the organization
- Reduced risk exposure through proactive identification and mitigation
- Timely closure of audit findings and compliance gaps
- Improved awareness and adherence to security policies across teams
Posted in: CyberSecurity
Functional Area: IT Security
Job Code: 1626974