GRC Analyst - Information Security

Pinkvilla is seeking a dynamic Information Security professional, who will play a key role in driving compliance programs, managing audits, supporting data protection initiatives, and ensuring third-party security risks are effectively identified and mitigated.

Key Responsibilities

Governance, Risk & Compliance (GRC)

• Develop, implement, and maintain information security policies, standards, and procedures.
• Conduct risk assessments and drive risk treatment/mitigation plans.
• Support security audits and ensure timely closure of findings.
• Monitor compliance with frameworks/standards such as ISO 27001, NIST, CIS
• Collaborate with security engineering and SOC teams on remediation of vulnerabilities, incident response, and security enhancements.
• Contribute to cross-functional security initiatives requiring governance, technical, and operational alignment.
• Provide training and awareness on security to drive security aware culture

Data Protection

• Identify and mitigate risks associated with processing of personal and sensitive data.
• Oversee data data classification, retention, and secure disposal practices.
• Lead initiatives around Data Loss Prevention (DLP) — including policy finetuning, incident monitoring, and working with stakeholders on data handling improvements.

Third-Party Risk Management (TPRM)

• Conduct security assessments and due diligence for vendors, partners, and service providers.
• Review and evaluate vendor security controls, certifications, and compliance posture.
• Manage the third-party risk lifecycle, including onboarding, periodic reviews, and issue remediation.
• Work with procurement, legal, and business teams to integrate security requirements into contracts and agreements.

Qualifications:

• Bachelor’s degree in Computer Science or Information Security or related field
• 4–6 years of experience in Information Security roles with focus on GRC, Data Protection, and TPRM.
• Strong understanding of security standards (ISO 27001, NIST, etc.).
• Experience conducting risk assessments, vendor due diligence, and compliance reviews.
• Good knowledge of data protection principles, privacy laws, and security best practices.
• Excellent documentation, communication, and stakeholder management skills.

Preferred Skills:

• Relevant certifications such as

  CISM, CISA, ISO 27001, CIPM, or CRISC

  .
• Experience with

  GRC tools

  (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
• Knowledge of cloud security and SaaS vendor risk assessments.