MAI Labs - Cybersecurity Analyst - GRC & Audit (5-6 yrs)
Mai Labs
posted 2mon ago
Mai Labs (Erstwhile P2e Labs) is a startup with the ambitious goal of creating the next Internet.
- We are dedicated to empowering the next billion users and democratizing the creation and unlocking of value on the Internet.
- With human interactions at the core, our technology acts as an enabler to unlock new opportunities for all Internet users, not the privileged few.
- Our portfolio includes a range of innovative products, including an open-world immersive platform to help creators craft immersive environments and assets, and a work-in-progress immersive realm.
- We are inching towards our vision of creating a complete photorealistic virtual world with complete design freedom and autonomy for artists & developers.
Who We Are:
- We are building a trust-based, people-centric company with a focus on users.
- Our team is proud to be building towards 'Made-in-India', building inclusive & compliant products for everyone in the community.
- We believe that people are the core of our business: they build, they collaborate, they innovate, and they surprise themselves by becoming the best version of themselves.
- Beyond the role requirements, we hire for a willingness to challenge the status quo and a proclivity towards collaboration.
Summary:
- The Senior Analyst for Governance, Risk, and Compliance (GRC) with 4 to 6 years of experience is an essential member of the risk management and compliance team within the organization.
- This position involves taking the lead in conducting audits and implementing measures related to Information Security Management Systems (ISMS), National Institute of Standards and Technology (NIST) framework, and Service Organization Control (SOC2) compliance.
- The Senior Analyst will have a critical role in ensuring that the organization complies with regulatory requirements, industry standards, and internal policies.
Roles and Responsibilities:
Leading Audits and Implementations:
- Conducting audits and assessments related to ISMS, NIST framework, and SOC2 compliance.
- Taking charge of implementing corrective actions and control enhancements to ensure compliance and effectively mitigate risks.
Governance and Compliance:
- Assisting in the development and maintenance of governance frameworks, policies, and procedures to ensure alignment with regulatory requirements and industry standards.
- Proactively monitoring changes in regulations and standards to address compliance needs.
Risk Management:
- Actively participating in risk assessments and analyses to identify, evaluate, and prioritize risks.
- Developing strategies and recommendations to mitigate identified risks and enhance the organization's risk posture.
Internal Controls:
- Evaluating existing internal controls and providing recommendations for improvements to strengthen the control environment.
- Collaborating with cross-functional teams to implement control enhancements and monitor their effectiveness.
Documentation and Reporting:
- Creating comprehensive audit reports, risk assessments, and compliance documentation.
- Effectively communicating findings, recommendations, and action plans to stakeholders and senior management.
Training and Awareness:
- Offering guidance and training to internal stakeholders on compliance requirements, best practices, and control procedures.
- Promoting a culture of compliance and awareness throughout the organization.
Vendor Management:
- Assessing third-party vendors for compliance with contractual obligations, regulatory requirements, and industry standards.
- Coordinating vendor assessments and conducting due diligence activities as necessary.
Preferred Tools Knowledge:
- Governance, Risk, and Compliance (GRC) Platforms
- Audit Management Tools
- Risk Assessment and Analysis Tools
- Compliance Monitoring and Reporting Tools
- Data Analytics and Visualization Tools
- Cybersecurity and Vulnerability Assessment Tools (for GRC Analysts focusing on IT Risk)
- Document Management and Collaboration Tools
- Regulatory Research and Compliance Tools
- Reporting and Governance Tools
Qualifications:
- A bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field is required.
- A master's degree or professional certifications such as ISO, CRISC, CISA, CISSP, CISM are preferred.
- The ideal candidate should have over 5 years of extensive experience in governance, risk management, and compliance roles, focusing on ISMS, NIST, and SOC2 compliance.
- A successful history of leading audits, assessments, and implementations related to information security and compliance frameworks is essential.
- Thorough knowledge of relevant regulations like GDPR, PCI, standards such as ISO 27001, and industry best practices is necessary.
- Strong analytical skills are required to evaluate complex issues and devise practical solutions.
- Excellent communication and interpersonal skills are a must, with the ability to engage effectively with stakeholders at all levels.
- Proven project management skills, including task prioritization, meeting deadlines, and handling multiple initiatives concurrently, are vital.
- Proficiency in risk assessment methodologies, control frameworks, and audit techniques is expected.
- Experience with GRC tools and software applications would be advantageous.
- A dedication to upholding the highest standards of integrity, confidentiality, and professionalism is essential.
Functional Areas: Software/Testing/Networking