Assistant Manager - Information Security/ IT GRC

Role & responsibilities

Job Title: Assistant Manager - Information Security/ IT GRC

Base Location: Thane/ Mumbai

Employment Type: Full-Time

Reporting To: Partner

Job Summary:

KVAT & Co is seeking a highly skilled and experienced Information Security Lead for its Governance, Risk, and Compliance Technology (GRC-T) practice. The ideal candidate will be responsible for executing and leading Information Security, Cybersecurity, and Data Privacy projects, ensuring compliance with regulatory standards, and providing strategic guidance to clients. This is a client-facing role requiring strong executive presence, leadership abilities, and technical expertise in the domain.

The candidate should be able to independently manage projects and lead client engagements.

Key Responsibilities:

1. Cybersecurity & Information Security Assessments and IT Audits:

• Conduct comprehensive cybersecurity reviews and IT Audits for clients.
• Perform gap assessments against leading security frameworks (ISO 27001, NIST, CIS, etc.).
• Evaluate existing information security controls and recommend remediation measures.

2. Security Implementation & Monitoring:

• Act as an implementation partner for information security controls and frameworks.
• Oversee and monitor the implementation process to ensure adherence to industry best practices.
• Support organizations in achieving compliance with regulatory frameworks (RBI, IRDAI, SEBI, GDPR, DPDP, etc.).

3. Policy Drafting & IT Risk Management:

• Develop and draft information security policies for clients as per industry standards.
• Conduct IT risk assessments to identify vulnerabilities and threats.
• Develop risk mitigation strategies to enhance IT governance frameworks.

4. Security Testing & Third-Party Risk Assessments:

• Provide support in vulnerability assessments & penetration testing (VAPT).
• Conduct third-party IT risk assessments and vendor information security reviews.

5. Data Privacy & Regulatory Compliance:

• Assist in GDPR compliance assessments and implementation projects.
• In-depth understanding of DPDP (Digital Personal Data Protection) framework and Indian data privacy laws.
• Stay updated with IRDAI, RBI, SEBI master circulars, and cybersecurity regulations to ensure compliance.

6. Client & Team Management:

• Serve as a point of contact for clients on information security project execution.
• Conduct awareness sessions for clients
• Assist in presentations for clients.

7. Business Development & Stakeholder Engagement:

• Develop decks, case study-based proposals, and service presentations.
• Present service offerings and project-based case studies to prospective clients.
• Lead discussions with CXOs, CIOs, and other senior stakeholders on cybersecurity matters.

Key Skills & Competencies:

✅ Technical Expertise: Strong knowledge of cybersecurity frameworks, risk management, and IT governance.
✅ Regulatory Understanding: Hands-on experience with GDPR, DPDP, RBI, IRDAI, SEBI cybersecurity guidelines.
✅ Communication & Presentation: Ability to clearly articulate cybersecurity strategies and deliver high-impact presentations to clients.
✅ Leadership & Client Handling: Prior experience in a client-facing role with the ability to manage projects independently.
✅ Report Writing & Documentation: Strong reporting, policy drafting, and technical documentation skills.
✅ Project Management: Ability to plan, execute, and ensure timely delivery of IT GRC projects.
✅ Business Acumen: Experience in service pitching, proposal drafting, and stakeholder engagement.

Required Qualifications & Experience:

🎓 Educational Background:

• Bachelors in related fields
• Any additional certifications will serve as an added advantage.

💼 Experience:

• 5+ years of experience in Information Security, Cybersecurity, and IT GRC domains.
• Proven track record of handling projects independently and client interactions.
• Prior experience in consulting firms or IT security advisory firms is an added advantage.
• Consulting experience preferred

CTC: As per industry standards and experience

Why Join KVAT & Co?

🌟 Opportunity to lead the projects
🌟 High visibility role with direct client exposure and impact.
🌟 Work on diverse industry sectors, handling cutting-edge cybersecurity projects.
🌟 Collaborative and growth-oriented work environment.

Application Process:

Interested candidates can share their resume at hr@kvatco.co.in with the subject line Application for Information Security Lead – IT GRC”.