JOB Opening at





GRC Lead

Primary Skills

Information security, data privacy, regulatory compliance, information security and data privacy risk assessment, third-party risk assessment, incident management, business continuity

Experience

3 to 5 years

Reporting To

Senior Manager-GRC

Industry

Information Technology & Services, BFSI & Healthcare clientele

Key Responsibilities


  1. Map compliance requirements to the management system, identifying the necessary administrative, technical and physical controls and any gaps, together with remediation plans.
  2. Develop the necessary policies, processes, procedures, guidelines, checklists, compliance requirements and audit criteria, have them reviewed by the respective stakeholders, and publish them in the management system.
  3. Ensure implementation of engagement-specific controls across accounts/projects, HR, Training, IT and Admin areas, with regular monitoring and control.
  4. Publish internal audit schedules based on the audit plan and the agreed focus areas.
  5. Participate in RFI/RFP responses to customers, customers' third-party risk assessments and audits, vendor risk assessments and audits, and certification audits/assessments, ensuring the necessary requirements are met.
  6. Conduct internal audits covering on-prem and cloud environments in line with the applicable information security and data privacy standards and regulatory requirements, and analyse the audit findings.
  7. Liaise with external auditors and coordinate external audits/assessments and VAPT exercises, including the internal coordination these require.
  8. Facilitate teams in identifying corrections, root causes and corrective and preventive actions, and ensure closure of internal/external audit findings.
  9. Drive internal IT information security and data privacy risk assessments, liaising with stakeholders in line with policy requirements, and facilitate mitigation of the identified risks.
  10. Facilitate the handling of incidents and security breaches, coordinating with stakeholders through incident response, investigation and resolution in line with the incident management policy.
  11. Drive business continuity testing exercises, liaising with stakeholders in line with policy requirements, and facilitate mitigation of the identified risks.
  12. Facilitate e-waste disposal and fire drills, coordinating with stakeholders in line with policy requirements.

Job Description

Desired Skills, Experience, Qualifications and Certifications

  • Graduate in Computer Science/Engineering
  • At least 3 to 5 years of experience in IT processes, IT risk, IT compliance and IT audit/assurance, dealing with information security and data privacy.
  • Experience with industry-recognised BFSI and healthcare regulations, standards and frameworks such as ISO 27001, SSAE 18 SOC 2 Type 2, NYDFS, FFIEC, HIPAA/HITECH, etc.
  • Experience working with various stakeholders, the leadership team, certification bodies, etc.
  • Excellent communication skills
  • Certifications such as ISO 27001 Lead Auditor, CISA, HIPAA, Risk Manager, Privacy Officer, etc.