GRC / Compliance Executive

About the Role

We are seeking a proactive and detail-oriented GRC (Governance, Risk & Compliance) Executive to strengthen our information security and regulatory compliance framework. The role involves maintaining ISO 27001 documentation, ensuring RBI and IT Act compliance, driving policies and SOP rollouts, and coordinating internal/external audits.

This position is ideal for candidates with a strong understanding of information security and NBFC regulatory requirements, who can translate compliance frameworks into effective operational practices.

Key Responsibilities

1. Information Security Governance (ISMS & Risk Management)

• Maintain and update ISMS documentation, policies, and control procedures in alignment with ISO 27001.
• Maintain and track the risk register, ensure periodic risk reviews, and drive closure of risk mitigation actions.
• Support ISMS internal audits, external certification audits, and management reviews.
• Maintain evidence for controls such as access management, data classification, asset management, and vendor compliance

2. Regulatory Compliance (RBI, IT Act, CERT-IN, etc.)

• Track and ensure compliance with applicable RBI Master Directions, IT Act 2000, CERT-IN guidelines, and other NBFC-specific requirements.
• Support timely submission of compliance reports and maintain evidence for regulatory reviews.
• Monitor updates from regulators and translate them into actionable compliance steps for relevant teams.
• Maintain an up-to-date compliance calendar for RBI and information security obligations

3. Policy and SOP Rollout

• Draft, review, and standardize security and compliance policies, SOPs, and guidelines across departments.
• Drive policy rollout programs coordinate communication, acknowledgment tracking, and training for employees.
• Periodically review and update policies/SOPs to reflect regulatory or business changes.
• Support awareness initiatives to improve organization-wide adherence to policies and security practices

4. Audit Coordination & Evidence Management

• Prepare and organize audit artifacts for internal, external, IT, and ISO audits.
• Coordinate with stakeholders to close non-conformities and maintain audit trail documentation.
• Maintain an updated audit tracker for ongoing and completed activities

Preferred Skills & Competencies

• Understanding of ISO 27001 framework, risk management, and ISMS documentation.
• Familiarity with RBI Master Directions, CERT-IN, IT Act, and NBFC compliance landscape
• Experience in drafting and rolling out policies and SOPs across functions.
• Strong Excel and documentation skills; ability to manage trackers, logs, and audit evidence.
• Excellent coordination, communication, and follow-up skills.
• Attention to detail, high integrity, and ownership mindset

Education & Qualifications

• Bachelor's degree in information technology, Computer Science or Commerce.
• Certifications (preferred but not mandatory): ISO 27001 LA/LI, CISA, CRISC, or other information security/compliance credentials

Why Join Us

• Be part of a fast-growing NBFC with strong focus on governance, security, and regulatory excellence.
• Opportunity to work closely with leadership on RBI, IT Act, and ISO 27001 compliance programs.
• Build hands-on expertise in policy governance, audit management, and regulatory operations

  .

Location: Mumbai

Working days: 5 days