Job Title: Freelance/Contract GRC Consultant – IS Audit (Incident Management)
Location: Riyadh, Saudi Arabia
Engagement Type: Contract (6 weeks)
Tentative Duration: 3rd August – 11th September
Number of Positions: 2
Industry: Banking/Financial Services (preferred)
Experience Required: 6–10 years
Work Model: Onsite (Riyadh)
Nationality: Open
Compensation Includes:
• Visa facilitation
• Round-trip flight tickets
• Hotel accommodation (with breakfast)
• Daily allowance

Project Objective
The objective of this engagement is to conduct a comprehensive Information Systems Audit focused on the IT Incident and Problem Management processes, assessing their effectiveness, alignment with internal policies, and compliance with best practices such as ITIL and regulatory standards for one of our prestigious clients.

Scope of Audit
The audit will encompass the full lifecycle of Incident and Problem Management, including but not limited to:
• Incident detection, logging, categorization, and prioritization
• Response, resolution, and closure processes
• Problem identification and root cause analysis
• Integration with Change Management
• SLA adherence, escalation mechanisms, and reporting structure
• Tool capabilities and data accuracy
• Effectiveness review of selected major incident/problem records

Consultant Responsibilities
The consultant is expected to:
• Provide subject matter expertise in ITIL-aligned Incident and Problem Management
• Assess control design and test operational effectiveness
• Validate compliance with internal frameworks and regulatory requirements
• Review documentation, tool configurations, and ticket data
• Identify process inefficiencies, risks, and areas for improvement
• Deliver detailed audit findings and actionable recommendations in structured format

Required Skills & Qualifications
• 6–10 years of experience in IT GRC, Internal Audit, or IT Risk, preferably in banking or financial sectors
• Proven expertise in ITIL v3/v4 — especially in Incident and Problem Management
• Experience with ITSM tools such as ServiceNow, JIRA Service Desk, BMC Remedy, etc.
• Strong understanding of audit methodologies, internal control frameworks, and SLA/KPI reporting
• Exceptional documentation, reporting, and stakeholder communication skills
• Ability to identify control weaknesses, gaps, and improvement opportunities

Engagement Logistics
• Start Date: Tentative – 3rd August 2025
• End Date: 11th September 2025
• Duration: 6 weeks (full-time onsite)
• Location: Riyadh, Saudi Arabia
• Support Provided: Visa, travel, stay (breakfast), and daily per diem allowance
Apply Here: https://docs.google.com/forms/d/e/1FAIpQLSeCA36Nk-ZRCI5UrUB8OQcKingYCbm9HvF90f_vjIe5r7QDnw/viewform?usp=header

Job Description: GRC Analyst
Location: Delhi/NCR (Hybrid Work Model)
Experience: 2 yrs

Position Overview:
We are seeking a dynamic and skilled GRC (Governance, Risk, and Compliance) Consultant to join our team. The ideal candidate will be ISO 27001 Lead Implementer Certified and possess extensive knowledge of various GRC frameworks. The candidate should have exceptional communication skills, be highly presentable, and have the ability to interact with clients at all levels. This role offers a hybrid work model, allowing a mix of remote work and on-site visits as well.

Key Responsibilities:
• Governance and Compliance:
  • Assist organizations in designing, implementing, and maintaining robust GRC frameworks tailored to business needs.
  • Ensure compliance with ISO 27001 standards and other relevant industry regulations.
  • Develop and review policies, procedures, and risk management strategies.
• Risk Management:
  • Conduct risk assessments and gap analyses to identify potential security and compliance risks.
  • Recommend risk mitigation strategies and monitor their implementation.
• Audits and Assessments:
  • Prepare and lead clients through internal and external compliance audits.
  • Provide support during third-party audits and assessments.
• Client Interaction:
  • Engage with clients to understand their specific GRC needs and offer tailored solutions.
  • Deliver presentations, training, and workshops to educate clients on GRC best practices.
• Reporting and Documentation:
  • Create detailed reports and dashboards to provide insights into the organization’s compliance posture.
  • Maintain thorough documentation to support audits and ongoing compliance efforts.

Required Qualifications and Skills:
• Certification: ISO 27001 Lead Implementer Certified (Mandatory).
• Knowledge of Frameworks: Comprehensive understanding of major GRC frameworks such as NIST, COBIT, GDPR, HIPAA, PCI DSS, and SOC 2.
• Communication: Exceptional verbal and written communication skills in English.
• Presentation Skills: Ability to present ideas and solutions clearly and professionally to diverse audiences.
• Technical Skills: Familiarity with GRC tools and technologies is a plus.
• Analytical Mindset: Strong analytical and problem-solving abilities to address complex compliance challenges.
• Flexibility: Comfortable working in a hybrid environment and traveling to client locations within Delhi/NCR as required.

Desired Traits:
• Self-motivated and proactive approach to work.
• Strong team player with the ability to work independently when needed.
• Proven ability to manage multiple clients and projects simultaneously.

Job Details:
• Type: Full-time
• Location: Delhi/NCR (Hybrid – Work from home with site visits as needed)
• Compensation: Competitive salary based on experience and expertise.
Job Title: GRC Consultant (ISO 27001, SOC 2 & Pentesting)
Location: Hybrid
Experience: Minimum 5 Years
Employment Type: Full-time / Contract (as applicable)

Role Overview:
We are seeking a highly motivated and experienced GRC Consultant with strong expertise in ISO/IEC 27001 and SOC 2 implementation and assessments. The ideal candidate should also have a solid understanding of penetration testing and be comfortable handling client engagements independently. This role will involve working closely with clients to assess, design, implement, and manage security governance frameworks, conduct audits, and provide actionable recommendations for compliance and risk mitigation.

Key Responsibilities:
• Lead and conduct ISO 27001 and SOC 2 readiness assessments, gap analyses, risk assessments, and control validations
• Guide clients through ISMS implementation and SOC 2 Trust Services Criteria alignment
• Prepare and present reports, documentation, and dashboards for management and auditors
• Work directly with client stakeholders including CISOs, IT Heads, and Audit/Compliance teams
• Support clients in creating and refining security policies, procedures, and evidence collection
• Conduct or support penetration testing and vulnerability assessments as needed
• Coordinate with internal technical teams and external auditors
• Stay updated with global security compliance standards, frameworks, and threat landscape
• Assist in proposal writing and client scoping calls when needed

Required Skills & Qualifications:
• Minimum 5 years of experience in Information Security / GRC roles
• Strong hands-on experience with ISO/IEC 27001 and SOC 2 frameworks
• Knowledge of risk management, data protection, business continuity, and audit lifecycle
• Experience conducting internal audits, security gap assessments, and control testing
• Basic to intermediate Pentesting skills (e.g., using Burp Suite, Nmap, Nessus, etc.)
• Excellent communication and client management skills
• Ability to work independently and drive deliverables in consulting environments
• Relevant certifications preferred: ISO 27001 LA, CEH, Security+, CISA, or equivalent

Nice to Have:
• Experience with other compliance frameworks like HIPAA, PCI-DSS, GDPR
• Familiarity with cloud security standards (e.g., AWS, Azure benchmarks)
• Exposure to tools like Metasploit, OWASP ZAP, SIEM platforms, etc.
• Knowledge of risk scoring tools and GRC platforms (e.g., Archer, ServiceNow GRC)
Job Title: Senior Cybersecurity Compliance & Audit Specialist – CSCRF & Regulatory Audits
Location: Delhi, India
Experience: 8–10 Years
Job Type: Full-Time

Position Overview
We are seeking an experienced Cybersecurity Compliance & Audit Specialist with deep expertise in CSCRF System and conducting Cybersecurity Audits for Stock Exchanges under SEBI, RBI Cybersecurity Compliance Audits, IRDAI Cybersecurity Compliance Audits, and other Indian regulatory audits. The ideal candidate will have a proven track record in ensuring organizational compliance with complex regulatory frameworks, leading end-to-end audit engagements, and liaising effectively with regulators and senior stakeholders.

Key Responsibilities
• CSCRF Expertise:
  • Manage, operate, and optimize CSCRF systems for compliance reporting and monitoring.
  • Perform risk assessments and maintain CSCRF controls in alignment with SEBI guidelines.
• Regulatory Cyber Audits:
  • Conduct and manage Cybersecurity Audits for Stock Exchanges under SEBI guidelines.
  • Perform RBI Cybersecurity Compliance Audits for banks, NBFCs, and financial institutions.
  • Lead IRDAI Cybersecurity Compliance Audits for insurance companies and intermediaries.
  • Conduct other Indian regulatory audits as applicable (CERT-In, MeitY, etc.).
• Compliance Management:
  • Interpret regulatory requirements and map them to internal security controls.
  • Develop, implement, and monitor compliance policies, procedures, and technical controls.
  • Ensure timely reporting, audit documentation, and closure of compliance gaps.
• Stakeholder & Regulator Engagement:
  • Work closely with senior management, IT security teams, and auditors to ensure readiness.
  • Liaise with regulators, stock exchanges, and external auditors during compliance reviews.
• Audit Documentation & Reporting:
  • Prepare comprehensive audit reports, compliance dashboards, and risk assessment documents.
  • Maintain audit trails and ensure accurate record-keeping for regulatory inspections.

Required Qualifications & Skills
• Education:
  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
  • Professional certifications preferred: CISA, CISM, CISSP, ISO 27001 LA/LI, PCI-DSS QSA.
• Experience:
  • 8–10 years of experience in cybersecurity compliance and audits.
  • Demonstrated expertise in CSCRF system operations and SEBI-mandated compliance audits.
  • Strong track record in RBI, IRDAI, and other Indian regulatory cybersecurity audits.
• Technical & Regulatory Skills:
  • Deep knowledge of Indian regulatory frameworks: SEBI, RBI, IRDAI, CERT-In, MeitY guidelines.
  • Strong understanding of ISO 27001, NIST, and other global security standards.
  • Hands-on experience with cybersecurity risk assessments, gap analysis, and remediation plans.
• Soft Skills:
  • Strong communication and report-writing abilities.
  • Ability to handle high-pressure regulatory interactions.
  • Excellent analytical, problem-solving, and project management skills.

Compensation & Benefits
• Competitive salary aligned with industry benchmarks.
• Health insurance and other statutory benefits.
• Opportunities for professional development and certifications.
About Us:
At GISPL, we are a dedicated team of cybersecurity experts and information security professionals committed to empowering organizations with robust, cutting-edge security solutions and services. Led by CEO Dr. Naveen Dham, our collective expertise spans over a decade, during which we have maintained an unwavering focus on safeguarding businesses from evolving cyber threats. With more than a decade of specialized experience in Cybersecurity Services and Solutions, we’ve established ourselves as a trusted partner for businesses across various sectors, including BFSI, ITeS, Telecom, Manufacturing, Hospitality, Pharma and Education. Our dedication to innovation and client satisfaction has been recognized through various accolades, including Most Admired Companies in India by Forbes Magazine and the India International Achievers Award. At GISPL, our passion lies in transforming cybersecurity from a challenge into a strategic advantage. We invite you to partner with us as we build resilient, future-ready security architectures because defending your organization is not just our job, it’s our purpose.

Job Title: DLP Installation Specialist
Experience: 1–3 Years
Location: Hybrid
Employment Type: Full time

Job Summary:
We are looking for a motivated and technically proficient professional with 1–3 years of experience in implementing and supporting Data Loss Prevention (DLP) solutions across endpoint, network, and cloud environments. The ideal candidate will have experience working on Windows, macOS, and Linux platforms and possess a strong understanding of data protection practices.

Key Responsibilities:
• Deploy, configure, and maintain DLP solutions across endpoints, network, and cloud environments.
• Support the integration of DLP tools with existing IT and security infrastructure.
• Implement DLP policies and rules based on organizational data protection requirements.
• Monitor system performance and ensure effective policy enforcement across platforms.
• Troubleshoot and resolve issues related to DLP installations and configurations.
• Work collaboratively with cross-functional teams to ensure smooth rollout and operation of DLP controls.
• Document configurations, procedures, and troubleshooting steps.
• Provide basic training and support to end users and internal stakeholders.

Required Skills & Qualifications:
• 1–3 years of hands-on experience in installing and supporting DLP solutions.
• Proven experience in deploying DLP across endpoint, network, and cloud environments.
• Proficient in working with Windows, macOS, and Linux operating systems.
• Basic understanding of data classification, data handling policies, and security best practices.
• Strong analytical and troubleshooting skills.
• Good communication skills and ability to work in a collaborative team environment.

Preferred Qualifications (Nice to Have):
• Knowledge of scripting for automation (e.g., PowerShell, Bash, etc.).
• Exposure to broader data security technologies or frameworks.
• Familiarity with incident response processes related to data loss events.
Job Title: Application Security Specialist
Experience Required: 6–8 Years
Location: Noida
Job Type: Full-Time
Department: Cyber Security
Reporting to: Head/CISO Cyber Security

Role Overview:
As an Application Security Specialist at one of our clients, you will be responsible for embedding security into the development lifecycle of cutting-edge cloud-native and edge computing applications. You will collaborate with cross-functional teams to ensure secure design, development, and deployment of software products, while also contributing to the organization’s GRC initiatives.

Key Responsibilities:

Application Security (80%)
• Lead the design and implementation of secure software development lifecycle (SSDLC) practices across product teams.
• Conduct threat modelling and secure code reviews for applications built on Coredge platforms.
• Integrate security tools (SAST, DAST, SCA) into CI/CD pipelines using DevSecOps practices and have a strong understanding of secure GitHub, Docker Hub etc.
• Collaborate with developers to remediate vulnerabilities and promote secure coding.
• Perform penetration testing and vulnerability assessments on web and microservices-based applications.
• Define and enforce application security policies aligned with Coredge’s product architecture.
• Monitor emerging threats and recommend proactive security measures.
• Lead incident response for application-level security breaches.
• Collaborate with product managers and architects to ensure security requirements are embedded in product design.
• Conduct regular security training and awareness sessions for developers and QA teams.
• Evaluate and implement new security tools and technologies to enhance application security posture.
• Maintain a vulnerability management program for applications, including tracking, reporting, and remediation.
• Participate in bug bounty programs and coordinate with external researchers to validate and remediate findings.
• Develop and maintain security dashboards and metrics to report on application security health.
• Contribute to open-source security initiatives and represent Coredge.io in industry forums.

Governance, Risk, and Compliance (20%)
• Work with legal and compliance teams to ensure applications meet regulatory requirements (e.g., GDPR, HIPAA, DPDP).
• Support internal and external audits related to application security and compliance.
• Develop and maintain documentation for security policies, standards, and procedures.
• Conduct risk assessments and contribute to enterprise risk management initiatives.
• Ensure alignment of application security practices with broader GRC frameworks and corporate governance.
• Collaborate with stakeholders to implement controls that meet compliance and regulatory standards (e.g., PCI-DSS, ISO 27001).
• Track and report on compliance metrics and risk mitigation efforts.

Preferred Qualifications:
• Bachelor’s or Master’s degree in Computer Science, Information Security, or related field.
• 6–8 years of experience in application security, software development, or penetration testing.
• Strong understanding of OWASP Top 10, SANS CWE Top 25, and secure coding practices.
• Hands-on experience with DevSecOps, container security (Kubernetes, Docker), and Infrastructure as Code (Terraform, CloudFormation).
• Hands-on experience with tools like SonarQube, Trivy, Burp Suite, Checkmarx, Veracode, Kali Linux and GitLab CI/CD.
• Proficiency in languages such as Java, Python, Go, or JavaScript.
• Experience with DevSecOps and integrating security into Agile/DevOps workflows.
• Knowledge of regulatory and compliance standards (e.g., DPDP, PCI-DSS, HIPAA, GDPR).
• Mandatory Certifications such as CEH, OSCP, or GWAPT are highly desirable (Any one of them).
Job Description – Talent Acquisition Executive (Fresher / 1–2 Years)
Location: Gurgaon (Work from Office only)
Experience: Fresher / 1–2 years
Type: Full-time

About GISPL
We are pleased to highlight that GISPL is a CERT-In certified organization and has been rated as one of the Top Ten Most Promising Cyber Security Companies in India by Silicon India Magazine & Consultant of The Year 2020 by Business Connect Magazine. GISPL is the 1st Organisation to start its own TV Show on Cybersecurity Awareness to educate the masses on Times Now TV channel, which is aired globally every week.

About the Role
We are looking for a dynamic and enthusiastic Talent Acquisition Executive to join our HR team. This role is ideal for someone who is eager to learn, explore new ideas, and grow within the HR domain. You will play a key role in sourcing, screening, and engaging with potential candidates, while also supporting employer branding initiatives.

Key Responsibilities
• Source, screen, and shortlist candidates for various roles.
• Coordinate interviews and act as a point of contact for candidates throughout the hiring process.
• Support employer branding and promotions on professional platforms like LinkedIn.
• Create and share engaging digital content to boost hiring visibility.
• Maintain recruitment dashboards and reports.
• Collaborate with hiring managers to understand job requirements.
• Stay updated with recruitment trends and suggest innovative hiring practices.

Requirements
• Fresher or 1–2 years of experience in Talent Acquisition or HR functions.
• Basic understanding of branding & promotions on LinkedIn or similar platforms.
• Ability to design simple, creative hiring content using digital tools.
• Tech-savvy, with the ability to quickly adapt to new platforms and tools.
• Excellent communication and coordination skills.
• Based in Gurgaon (Work from Office only).
• Most importantly – a strong learning mindset, curiosity, and eagerness to grow in HR.