Job Title: Assistant Manager - Information Security/ IT GRC
Base Location: Thane/ Mumbai
Employment Type: Full-Time/ Contractual
Reporting To: Partner
Firm Overview:
KVAT & Co, a business consulting and auditing firm with deep expertise in corporate governance, risk management, compliance, monitoring services, technology, and training. Established in 2021, our firm has rapidly evolved from a pioneering partnership between two visionary leaders to a robust team of seasoned professionals with a diverse industry presence. Our operational capacity has expanded significantly to accommodate the increasing demands of clientele which are some of the leading organizations in the diverse industry segments. We continue to scale our services to deliver unparalleled solutions tailored to meet and exceed the evolving needs of our clients. We have forged strategic alliances in India, the Kingdom of Saudi Arabia, the United Arab Emirates and Cameroon enhancing our capability to serve a global clientele effectively. With a registered office in India, our international perspective ensures that we provide comprehensive solutions that meet global standards.
Job Summary
KVAT & Co is seeking a highly skilled and experienced
Assistant Manager - Information Security/ IT GRC
for its
Governance, Risk, and Compliance – Technology (GRC-T)
practice. The ideal candidate will be responsible for executing and leading
Information Security, Cybersecurity, and Data Privacy
projects, ensuring compliance with regulatory standards, and providing strategic guidance to clients. This is a
client-facing role
requiring strong
executive presence, leadership abilities, and technical expertise
in the domain.The candidate should be able to
independently manage projects and lead client engagements.
Key Responsibilities
- Cybersecurity & Information Security Assessments:
- Conduct comprehensive cybersecurity reviews for clients.
- Perform gap assessments against leading security frameworks (ISO 27001, NIST, CIS, etc.).
- Evaluate existing information security controls and recommend remediation measures.
- Security Implementation & Monitoring:
- Act as an implementation partner for information security controls and frameworks.
- Oversee and monitor the implementation process to ensure adherence to industry best practices.
- Support organizations in achieving compliance with regulatory frameworks (RBI, IRDAI, SEBI, GDPR, DPDP, SOX, etc.).
- Policy Drafting & IT Risk Management:
- Develop and draft information security policies for clients as per industry standards.
- Conduct IT risk assessments to identify vulnerabilities and threats.
- Develop risk mitigation strategies to enhance IT governance frameworks.
- Security Testing & Third-Party Risk Assessments:
- Provide support in vulnerability assessments & penetration testing (VAPT).
- Conduct third-party IT risk assessments and vendor information security reviews.
- Data Privacy & Regulatory Compliance:
- Assist in GDPR compliance assessments and implementation projects.
- In-depth understanding of DPDP (Digital Personal Data Protection) framework and Indian data privacy laws.
- Stay updated with IRDAI, RBI, SEBI master circulars, and cybersecurity regulations to ensure compliance.
- Client & Team Management:
- Serve as a point of contact for clients on information security project execution.
- Conduct awareness sessions for clients
- Assist in presentations for clients.
- Business Development & Stakeholder Engagement:
- Develop decks, case study-based proposals, and service presentations.
- Present service offerings and project-based case studies to prospective clients.
- Lead discussions with CXOs, CIOs, and other senior stakeholders on cybersecurity matters.
Key Skills & Competencies
✅
Technical Expertise:
Strong knowledge of
cybersecurity frameworks, risk management, and IT governance
.✅
Regulatory Understanding:
Hands-on experience with
GDPR, DPDP, RBI, IRDAI, SEBI, SOX and relevant cybersecurity guidelines
.✅
Communication & Presentation:
Ability to
clearly articulate cybersecurity strategies
and deliver high-impact
presentations
to clients.✅
Leadership & Client Handling:
Prior experience in a
client-facing role
with the ability to
manage projects independently
.✅
Report Writing & Documentation:
Strong
reporting, policy drafting, and technical documentation
skills.✅
Project Management:
Ability to
plan, execute, and ensure timely delivery
of IT GRC projects.✅
Business Acumen:
Experience in
service pitching, proposal drafting, and stakeholder engagement
.
Required Qualifications & Experience
🎓
Educational Background:
- Bachelor’s in related fields
- Any additional certifications will serve as an added advantage.
💼 Experience
- 5+ years of experience in Information Security, Cybersecurity, and IT GRC domains.
- Proven track record of handling projects independently and client interactions.
- Prior experience in consulting firms or IT security advisory firms is an added advantage.
CTC:
As per industry standards and experience
Why Join KVAT & Co?
🌟 Opportunity to
lead the projects
🌟 High visibility role with
direct client exposure
and impact.🌟 Work on
diverse industry sectors
, handling cutting-edge cybersecurity projects.🌟 Collaborative and
growth-oriented work environment
.
Application Process
Interested candidates can share their resume at pranali.t@kvatco.co.in with the subject line
“Application for Information Security Lead – IT GRC”
.Skills: iso,cism,information security,irdai,security,cisa,it grc,sebi regulations,cybersecurity,sox compliance,it,risk,rbi,grc,pfrda
