Job Description:

The GRC analyst plays an integral part in the development, implementation, and compliance of information risk management across the enterprise. The analyst is responsible for managing risks related to the use of Information Technology, Information Security, Privacy, Regulatory Compliance and Governance.

Responsibilities:

  • The person is responsible for managing risks related to the use of information technology, Information security, privacy, regulatory compliance and governance.
  • Serve as a subject matter expert to ensure and monitor compliance with Regulatory Requirements.
  • Work closely with Information security teams to conduct gap analysis and implement Frameworks/Standards like ISO 27001, Privacy, GDPR, PDPB etc.
  • Develop and revise Policies, Standards, Processes and Guidelines periodically.
  • Assess design effectiveness and continually monitor operating effectiveness of controls Track and monitor Risk Treatment plans
  • Understand the trade-offs required to manage different levels of risk tolerance and risk exposure across the organization and be able to communicate to responsible team members
  • Advise business-led technology projects on IT risk awareness and standards compliance

Experience:

Analyzing and applying Information Security, Risk Management, and Privacy practices or Policies for minimum of 10-15 years of experience in the following:

  • Experience of working on GRC tools like ServiceNow/ Archer/ MetricStream
  • Risk Analytics experience within finance and/or IT Threat, Vulnerability, Business Continuity, and Risk Assessment
  • National and International Regulatory Compliances and Frameworks such as NIST Cyber Security Framework, ISO, PCI DSS, GDPR etc.
  • CEH, ECIH, CRISC, CISA or CISSP Certifications preferred
  • In depth knowledge of IT Security Management risk practices

Soft skills requirements:

  • Ability to define and communicate risk in business-relevant language
  • Excellent verbal and written communication skills
  • Ability to react to high pressure dynamic changing environments
  • Ability to communicate IT risk concepts to non-technical people
  • Strong problem solving and analytical skills

Qualification:

  • BE (any Stream),
  • Certificates like ISO 27001 LA, ISO 27001 LI, CISA will be added advantage
  • Should be aware of IT infrastructure , Server and other devices management skills and related risks
  • Understanding of Regulatory requirements like RBI, Advisories, GDPR, PDPB etc..

Note: we are looking to hire candidates willing to join us Immediately or in one month notice