GRC Manager Infosec, Thane


3 - 8 years

Any Graduate

Infosec

10 ~ 10 LPA

PURPOSE OF THE JOB

We are seeking an experienced GRC / Cybersecurity Compliance professional to lead and strengthen the organization’s Information Security Governance, Risk, and Compliance (GRC) initiatives. This role will provide strategic advisory support to ensure compliance with regulatory and industry standards including PCI-DSS, ISO 27001, RBI guidelines, and J-SOX.

The ideal candidate will possess strong stakeholder communication skills, proven team leadership experience, and the ability to drive enterprise-wide security programs, audits, and continuous improvement initiatives.


KEY RESPONSIBILITIES

Governance, Risk & Compliance

  • Lead and provide strategic advisory support for compliance with PCI-DSS, ISO 27001, RBI guidelines, J-SOX, and other applicable regulatory frameworks.

  • Design, implement, and continuously enhance the Information Security & GRC program, including policies, procedures, controls, awareness initiatives, and monitoring mechanisms.

  • Own and manage enterprise-wide risk assessments, vulnerability management activities, and compliance gap analyses.

Audit & Assurance

  • Plan and conduct internal audits across business units, suppliers, and vendors to assess information security and compliance maturity.

  • Act as the primary point of contact for internal, external, and third-party audits, including audit coordination, evidence preparation, and closure of audit findings.

  • Review and analyze SOC monitoring outputs and VAPT reports, identify non-compliance issues, and drive remediation in collaboration with technology and business teams.

Leadership & Collaboration

  • Lead, mentor, and guide junior GRC / Information Security team members, ensuring effective task allocation and continuous skill development.

  • Collaborate closely with IT, Engineering, Legal, Compliance, Risk, and Business stakeholders to embed security best practices into organizational processes and projects.

  • Prepare and present clear, concise risk and compliance reports to senior management and leadership.

Awareness & Continuous Improvement

  • Design and deliver Information Security awareness and training programs across the organization.

  • Track regulatory changes, emerging cyber threats, and industry best practices to continuously enhance the organization’s cybersecurity posture.

  • Support the implementation and optimization of GRC tools, risk registers, and audit management platforms.


QUALIFICATIONS / KNOWLEDGE / SKILLS / EXPERIENCE

Experience & Education

  • 6–8 years of relevant experience in GRC, Information Security, Risk Management, or Compliance.

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related discipline.

  • Prior experience in regulated environments such as BFSI, Fintech, IT Services, or Healthcare is highly preferred.

Technical & Domain Knowledge

  • Strong hands-on knowledge of PCI-DSS, ISO 27001, RBI guidelines, J-SOX, and other compliance frameworks.

  • Experience with SOC operations, VAPT analysis, risk assessment methodologies, and security control implementation.

  • Familiarity with GRC tools, audit management systems, and compliance tracking platforms.

Leadership & Soft Skills

  • Proven experience in team handling and mentoring.

  • Excellent verbal and written communication skills, with the ability to interact confidently with auditors, regulators, and senior leadership.

  • Strong stakeholder management, presentation, and influencing capabilities.


SOFT SKILLS

  • Ability to work independently while driving collaboration across cross-functional teams.