Grc Manager

Job Title: GRC Manager

Location: Bhandup, Mumbai

Experience Required: 3-8 years in Governance, Risk, and Compliance (GRC)

Certifications (Preferred): ISO 27001 Lead Auditor / Implementer, CISA, CISM, CISSP

Job Summary:
We are seeking a highly skilled and experienced GRC Executive / Manager to join our team. The ideal candidate will play a key role in managing and strengthening the Governance, Risk, and Compliance framework within the organization. This role involves conducting risk assessments, ensuring compliance with industry regulations, implementing security policies, and driving audit and certification processes.

Role & responsibilities

• Develop, implement, and maintain GRC frameworks, policies, and procedures aligned with ISO 27001, NIST, GDPR, PCI-DSS, and other relevant regulatory standards.
• Conduct risk assessments, risk treatment planning, and mitigation strategies to ensure robust information security and business continuity.
• Lead and coordinate internal and external audits, including ISO 27001, SOC 2, and other compliance audits.
• Ensure effective IT risk management by identifying, analyzing, and monitoring risks to critical business processes.
• Collaborate with cross-functional teams to implement security controls and best practices in IT and business operations.
• Oversee regulatory compliance assessments and gap analysis to ensure adherence to cybersecurity and data protection laws.
• Maintain and improve the Information Security Management System (ISMS) and ensure alignment with business objectives.
• Support the security awareness and training program for employees to enhance compliance and reduce cyber risks.
• Monitor industry trends and emerging threats to update risk and compliance strategies accordingly.
• Report GRC metrics, findings, and recommendations to senior management and key stakeholders.

Preferred candidate profile

• Bachelor's / Masters degree in Information Security, Cybersecurity, IT, or a related field.
• 3-8 years of experience in Governance, Risk, and Compliance (GRC), IT Security, or a related domain.
• Hands-on experience in ISO 27001, SOC 2, NIST CSF, GDPR, PCI-DSS, HIPAA, or similar compliance frameworks.
• Strong understanding of IT risk management, control frameworks (COBIT, NIST, CIS Controls), and data privacy regulations.
• Excellent skills in security assessments, policy development, incident management, and vendor risk management.
• Proficiency in GRC tools and platforms to track risk and compliance activities.
• Strong analytical, problem-solving, and communication skills.
• Ability to manage multiple projects and collaborate with stakeholders at all levels.
• Certifications such as ISO 27001 Lead Auditor / Implementer, CISA, CISM, CISSP are highly preferred.

Preferred Qualifications:

• Experience working in regulated industries such as banking, finance, healthcare, or technology.
• Experience in Third-Party Risk Management (TPRM) and Business Continuity Planning (BCP).
• Knowledge of cloud security compliance frameworks like CSA STAR, ISO 27701, or FedRAMP.

Benefits

• Competitive salary and performance-based incentives.
• Professional development and certification support.
• Work with industry-leading experts in cybersecurity and compliance.
• Flexible work arrangements (hybrid/remote, as applicable).