GRC Lead - Information Security

Job Title

Location

Job Summary

We are seeking a proactive and detail-oriented GRC Lead to join our Information Security team. The ideal candidate will be responsible for driving all aspects of Information Security Governance, Risk, and Compliance (GRC) across the organization and its subsidiaries. This role requires close collaboration with Internal Audit for IS audits, management of ISO 27001 certification processes, and oversight of regulatory reporting and third-party risk management tools. The candidate will ensure that the companys IS governance framework aligns with business objectives and regulatory requirements.

Key Responsibilities:

Information Security Governance & Compliance

• Lead and manage the overall IS Governance framework, ensuring alignment with organizational policies and industry best practices.
• Coordinate with the Internal Audit team to facilitate smooth planning, execution, and closure of Information Security audits.
• Monitor and follow up on Action Taken Reports (ATRs) arising from IS audits to ensure timely remediation and closure.
• Manage and drive the ISO 27001 audit process for the business and its subsidiaries, including preparation, gap analysis, remediation, and certification renewal.
• Oversee compliance and alignment related to regulatory and stock exchange reporting requirements such as BRSR (Business Responsibility and Sustainability Report), CERT (Computer Emergency Response Team), MCX, BSE, and NSE.

Risk Management & Third-Party Assessments

• Manage the Third-Party Risk Management (TPRM) tool to conduct IS assessments and monitor privacy/security controls for vendors and partners.
• Collaborate with cross-functional teams to implement and maintain privacy and security controls based on TPRM findings.
• Continuously assess risks and recommend mitigation strategies to senior management.

Reporting & Documentation

• Prepare and present regular reports on IS governance, audit status, compliance metrics, and risk posture to senior leadership.
• Maintain comprehensive documentation related to IS policies, procedures, audit findings, and compliance activities.
• Ensure all IS governance activities comply with relevant legal, regulatory, and contractual obligations.

Qualifications & Experience

• Bachelors degree in Computer Science, Information Technology, Cybersecurity, or a related field. Masters degree or relevant certifications preferred.
• 7-10 years of experience in Information Security, Governance Risk and Compliance roles, preferably within large enterprises.
• Strong experience coordinating with Internal Audit teams and managing IS audits.
• Proven track record in managing ISO 27001 certification and audits.
• Familiarity with regulatory reporting requirements such as BRSR, CERT, MCX, BSE, NSE.
• Hands-on experience with Third-Party Risk Management tools and processes.
• Knowledge of privacy and security control frameworks and their implementation.
• Relevant certifications such as CISA, CISSP, CISM, ISO 27001 Lead Implementer/Auditor are highly desirable.

Skills & Competencies

• Excellent organizational and project management skills.
• Strong analytical and problem-solving abilities.
• Effective communication and stakeholder management skills.
• Ability to work independently and coordinate cross-functional teams.
• Detail-oriented with a strong commitment to compliance and governance.
• Proficiency in GRC and TPRM tools.