GRC Analyst

Requirements:

Strong knowledge of regulatory frameworks and standards (ISO 27001, DPDP Act 2023, CERT-In, IT Act).
Experience in drafting and maintaining Information Security, Data Privacy, Incident Response, and Vendor Risk policies.
Proficiency in GRC tools and building centralized repositories for governance artifacts and audit evidence.
Experience in conducting internal audits, compliance reviews, and risk assessments.
Strong skills in developing compliance dashboards, scorecards, and management reports.
Ability to maintain risk registers, control inventories, and track remediation progress.
Excellent documentation, communication, and stakeholder management skills.
Relevant certifications (CISA, CRISC, ISO 27001 Lead Auditor) are preferred.

Qualifications:  BE/BTech degree in Computer Science, Information Technology, or related field.

Job Description:

Conduct baseline risk and compliance assessments across business units.
Draft and align policies and procedures (Information Security, Data Privacy, Incident Response, Vendor Risk).
Build and maintain the centralized GRC repository for governance artifacts, controls, and audit evidence.
Develop compliance dashboards, scorecards, and governance templates for management reporting.
Map controls to regulatory and framework requirements (ISO 27001, DPDP Act 2023, CERT-In, IT Act).
Support the vCISO in defining the governance charter and compliance reporting cadence.
Conduct periodic internal audits and compliance reviews across entities.
Maintain and update the risk register, control inventory, and evidence repository.
Track and report control effectiveness and risk treatment progress.
Generate quarterly and annual compliance reports for the Steering Committee and Executive Sponsors.
Monitor new and emerging regulatory or framework changes and recommend updates.
Support continuous awareness and policy refresh programs to strengthen compliance culture.