22 Hinduja Leyland Finance Jobs
8-12 years
Chennai
1 vacancy
IT Manager - GRCA (Governance, Risk, Compliance & Audit)
Hinduja Leyland Finance
posted 3hr ago
Job Summary:
The IT GRCA Lead will be responsible for developing and overseeing the governance, risk
management, compliance, and audit processes related to IT, ensuring alignment with the
RBI IT GRCA Guidelines 2024 and other regulatory requirements. The role requires
expertise in managing IT governance frameworks, identifying and mitigating risks,
ensuring regulatory compliance, and leading IT audits. The ideal candidate will work
closely with IT, security, legal, and risk teams to maintain a secure, compliant, and resilient
IT environment.
Key Responsibilities:
Governance Framework:
Establish and manage the IT governance framework to ensure adherence
to RBI IT GRCA Guidelines 2024.
Develop policies, procedures, and standards that govern the use of IT
systems and services in the organization.
Ensure alignment of IT strategy with business objectives and regulatory
requirements.
Risk Management:
Identify, assess, and manage IT risks across the organization, focusing on
data security, regulatory risks, and operational risks.
Implement and maintain a risk management framework to continuously
monitor and address IT risks.
Collaborate with business units and IT teams to ensure risk mitigation
strategies are in place and effectively monitored.
Regulatory Compliance:
Ensure the organization's IT systems and processes comply with the RBI
IT GRCA Guidelines 2024 and other applicable regulatory requirements
(e.g., data privacy laws, cybersecurity guidelines).
Keep up-to-date with new regulatory changes and ensure timely
adaptation of policies and processes to meet compliance requirements.
Manage compliance reviews, assessments, and certifications (e.g., ISO
27001, PCI-DSS) as required for the organization.
Internal & External Audits:
Lead IT audits to assess the effectiveness of internal controls, risk
management, and compliance processes.
Coordinate with internal audit teams and external auditors to ensure that
all IT-related audits are conducted smoothly and efficiently.
Track and report audit findings, ensuring timely remediation of any
identified issues or non-compliance areas.
Incident & Issue Management:
Manage incidents related to IT governance, risk, or compliance, ensuring
that they are resolved promptly and effectively.
Investigate root causes of incidents and non-compliance, implementing
corrective and preventive measures.
Training & Awareness:
Conduct regular IT governance, risk, and compliance training for
employees, ensuring that staff are aware of their roles and responsibilities
in maintaining compliance with regulatory guidelines.
Develop and deliver awareness programs on RBI IT GRCA Guidelines and
other regulatory changes affecting the organization.
Reporting & Documentation:
Maintain comprehensive documentation of IT governance processes, risk
assessments, compliance activities, and audit reports.
Prepare and present regular reports to senior management, highlighting
key risks, compliance status, and audit outcomes.
Ensure continuous improvement in reporting mechanisms to provide
insights into IT risk and compliance posture.
Collaboration with Cross-functional Teams:
Work closely with IT, legal, security, and risk teams to ensure an
integrated approach to governance, risk, and compliance.
Engage with external regulators (such as the RBI) during inspections or
compliance reviews, ensuring all required information is provided promptly
and accurately.
Required Skills & Qualifications:
Bachelor's degree in Information Technology, Computer Science, Cybersecurity,
or a related field.
8-12 years of experience in IT governance, risk management, and compliance,
preferably within the NBFC or financial services domain.
Strong understanding of RBI IT GRCA Guidelines 2024, including specific
regulatory requirements applicable to IT systems, data security, and risk
management.
Experience with IT governance frameworks such as COBIT, ITIL, or ISO 27001.
Proven experience in leading IT audits, both internal and external, with a focus on
risk and compliance.
Familiarity with data privacy laws (e.g., GDPR), cybersecurity guidelines, and
regulatory frameworks relevant to NBFCs.
Certifications such as CISA, CRISC, CGEIT, or CISSP are highly desirable.
Employment Type: Full Time, Permanent