Cybersecurity - GRC Specialist

7 years

0 Lacs

Posted: 2 weeks ago | Platform: LinkedIn


Work Mode

On-site

Job Type

Full Time

Job Description

Job Title:

Cybersecurity GRC Specialist

Location:

Chennai

Job Type:

Onsite - Work from office

Experience:

7+ years (with at least 5 years in GRC-focused roles)

About Neysa

Neysa is an AI Acceleration Cloud System provider, dedicated to democratizing AI adoption with purpose-built platforms and services for AI-native applications and workloads. Co-founded by industry leaders, we empower businesses to discover, deploy, and scale Generative AI (Gen AI) and AI use cases securely and cost-effectively. Our flagship platforms—Neysa Velocis, Neysa Overwatch, and Neysa Aegis—accelerate AI deployment, optimize network performance, and safeguard AI/ML landscapes. We are committed to enabling AI-led innovation across industries and geographies.

Role Overview

We are looking for an experienced Governance, Risk & Compliance (GRC) Specialist to join our security team. In this role, you will own the end-to-end compliance lifecycle—covering certifications, security audits, and customer/vendor documentation—while equipping Sales and Customers with up-to-date security collateral. The ideal candidate brings a strong mix of compliance expertise, stakeholder management, and technical insight to drive both internal security programs and external customer trust.

Key Responsibilities

  • Governance & Compliance
    • Design, implement, and manage security compliance programs across our on-premise private cloud infrastructure, aligned with ISO 27001, 27017, 27018, SOC2, DPDPA, and PCI DSS.
    • Conduct risk assessments, gap analyses, and treatment planning with a focus on cloud environments.
    • Lead internal compliance readiness activities and manage external audits, ensuring timely closure of findings.
    • Maintain and enhance GRC documentation, including control matrices, risk registers, and compliance reports.
    • Develop and update security policies and procedures in line with evolving business and compliance needs.
  • Customer & Stakeholder Engagement
    • Respond to customer security questionnaires, RFPs, and due diligence requests.
    • Maintain a central repository of security FAQs, certifications, and compliance collateral for Sales enablement.
    • Lead security-related discussions with customers, vendors, and auditors, ensuring transparency and trust.
    • Collaborate with DevOps, IT, and Infrastructure teams to integrate GRC requirements into the platform lifecycle and embed security-by-design principles.
    • Partner with SOC teams for threat detection, monitoring, and incident response use case development.
  • Risk & Security Assessments (including VAPT)
    • Plan, conduct, and coordinate vulnerability assessments and penetration tests (VAPT) across applications, systems, and networks.
    • Support infrastructure hardening and maintain audit-ready evidence.
    • Work with internal teams and third-party vendors for specialized security assessments.
    • Analyze vulnerability scan, penetration test, and hardening findings, providing actionable remediation guidance.
    • Collaborate with technical teams to prioritize risks, ensure secure configurations, and track remediation progress.
    • Assist in securing network and virtual infrastructure components (firewalls, WAF, proxy, VPN, segmentation).

Required Skills & Qualifications

  • Bachelor’s or Master’s degree in Information Security, Computer Science, or related field.
  • 7+ years of cybersecurity experience, with at least 5 years in GRC-focused roles.
  • Proven experience in achieving and maintaining compliance with ISO 27001, 27017, 27018, SOC 2, DPDPA, and PCI DSS.
  • Experience with VAPT, vulnerability management, and remediation tracking.
  • Strong understanding of security frameworks such as NIST CSF, CIS Controls, and ISO standards.
  • Effective communicator with the ability to engage customer, engineering, operations, and executive stakeholders.
  • Excellent communication skills with the ability to simplify technical concepts for non-technical stakeholders.
  • Strong organizational and project management skills.

Preferred Certifications

    • GRC-focused: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor. (Minimum One)
    • Technical: CEH, OSCP, or equivalent. (Optional)
