Grc Analyst

Role & responsibilities

Key Responsibilities:

• Lead the implementation and continuous improvement of enterprise-wide GRC frameworks aligned with fintech regulations and business objectives.
• Drive weekly, monthly, and quarterly risk and compliance reporting activities, including the development and maintenance of dashboards (e.g., key risk metrics including vulnerability management status, audit tracking, policy compliance, etc.).
• Prepare and deliver periodic risk and compliance updates to senior management and stakeholders.
• Execute internal IT governance controls related to IT General Controls (ITGC) landscape, ensuring primary control effectiveness across systems.
• Conduct security and compliance reviews during vendor onboarding, ensuring alignment with internal standards and regulatory requirements.
• Respond to and complete vendor risk assessments and due diligence questionnaires from external parties including merchants, banks, and card schemes.
• Oversee the creation, review, and periodic update of policy documents, SOPs, and other process documentation to reflect current practices and regulatory needs.
• Maintain and enhance the organizations risk register through regular assessments and issue tracking.
• Collaborate with HR, Admin, Legal, Engineering and Operations to implement and track effective controls across data privacy, cybersecurity, and operational risk areas.
• Contribute to risk awareness training, internal education campaigns, and a strong risk/compliance culture across the organization.

Qualifications & Skills:

• Bachelors or Master’s degree in Risk Management, Information Security, Finance, Business Administration, or a related field.
• 4-5 years of experience in GRC, audit, or risk & compliance roles, preferably within fintech or financial services.
• Strong knowledge of applicable regulatory frameworks and standards (RBI guidelines, PCI DSS, SOC 2, ISO 27001, GDPR, DPDPA etc.).
• Hands-on experience with GRC platforms and tools (e.g., Archer, Drata, Logic Manager, Vanta, or equivalent).
• Strong reporting and dashboarding skills using tools like Excel, Power BI, or equivalent.
• Excellent communication and stakeholder engagement skills, with he ability to present complex topics to senior management.
• Professional certifications (e.g., CISA, CRISC, CISM, ISO 27001 LA/LI) are preferred.

Preferred Attributes:

• Understanding of business continuity planning (BCP), vendor risk lifecycle, and internal control frameworks.
• Process-oriented, detail-driven, and capable of working independently in a high-growth, evolving environment.