Coders Brain
8-15 years
GRC Specialist - Security Operations Center (8-15 yrs)
posted 12hr ago
Flexible timing
Job Title : GRC Specialist
Location : Bengaluru
Experience Required : 10-15 years (with a minimum of 8+ years relevant in GRC, audit, or risk management)
Essential Duties and Responsibilities :
1. Governance, Risk, and Compliance (GRC) Management :
- Lead GRC assessments, policy development, and procedural implementations.
- Conduct training, awareness programs, and change management activities for end users.
2. Security Assessments and Compliance :
- Perform security assessments based on frameworks like ISO 27001:2022, NIST 800, NIST CSF, PCI DSS, and HITRUST.
- Conduct gap analyses, risk identification, and provide actionable recommendations for compliance improvements.
3. Audit and Regulatory Compliance :
- Lead and manage SOC1, SOC2, and other regulatory compliance readiness.
- Collaborate with internal/external auditors, customers, and government regulators to ensure compliance.
4. Risk Management and Strategic Consulting :
- Develop and execute risk methodologies to meet changing requirements.
- Act as a consultant to business units, aiding in the understanding and implementation of internal controls.
5. Leadership and Stakeholder Engagement :
- Act as a GRC liaison with executive management and stakeholders.
- Promote a performance-focused, consultative culture to support compliance and company growth.
6. Operational and Metric Reporting :
- Coordinate, track, and report divisional and business unit metrics.
- Transform risk data into meaningful metrics for executive decision-making.
Job Qualifications :
Educational Background :
- Bachelor's degree in Computer Science, Information Technology, Risk Management, or related fields.
Certifications (Minimum 2 Required) :
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information System Controls (CRISC)
- Certified Information Systems Security Professional (CISSP)
Experience :
- 10-15 years in GRC, audit, or risk management roles, including Big 4 consulting experience.
- 8+ years in designing and implementing technology controls, auditing, and providing risk remediation recommendations.
- 5+ years in business process design, data privacy, SDLC, vendor management, and incident response.
- 8+ years of audit experience with SOC1, SOC2, and regulatory compliance.
- Operational leadership roles, including international experience across consulting services, financial services, insurance, or healthcare.
Skills and Competencies :
Mandatory Skills :
- COSO, SOX Compliance
Desirable Skills :
- Risk Assurance
- Enterprise Risk Management (ERM)
- Advanced knowledge of frameworks like ISO, NIST 800-53, NIST CSF, PCI DSS, HITRUST, and GDPR.
Key Competencies :
- Exceptional written, verbal, and presentation skills.
- Strong interpersonal skills for matrixed environments and executive-level interaction.
- Self-motivated, analytical problem-solver with thought leadership abilities.
- Experience with managed security services and identifying continuous improvement opportunities.
Years of Experience : 6-8 years (focused on COSO and SOX Compliance).
Functional Areas: Other