Posted: 1 day ago
Platform:
On-site
Full Time
Job Description: Lead GRC Governance, Risk, and Compliance Professional

Location: Noida Sector 62
Experience required: 6+ Years
Working Days: 6 Days working

Position Overview:
We are seeking an experienced Governance, Risk, and Compliance (GRC) professional who possesses deep knowledge in implementing security standards such as ISO 27001 and ISO 27701, along with expertise in frameworks like NIST, GDPR, DPDP Act, and data privacy practices. This role involves ensuring our organization's compliance with regulatory requirements and managing cybersecurity risks effectively.

Responsibilities:
- Develop, implement, and maintain information security management systems (ISMS) aligned with ISO 27001 and privacy management systems (PIMS) aligned with ISO 27701.
- Conduct comprehensive risk assessments, identify security and compliance risks, and ensure adequate remediation and mitigation measures.
- Oversee compliance activities related to NIST cybersecurity frameworks, GDPR, DPDP Act, and other applicable regulations.
- Develop, manage, and deliver comprehensive compliance documentation, including policies, standards, procedures, and audit reports.
- Coordinate internal and external audits, prepare for and participate in audit engagements, and follow up on action items from audit findings.
- Serve as a primary advisor to business units on data privacy laws, regulatory compliance, and cybersecurity best practices.
- Establish and conduct regular training and awareness programs related to GRC topics for employees and stakeholders.
- Collaborate with legal, IT, and business teams to integrate GRC practices effectively across the organization.
- Continuously monitor regulatory environments and update compliance frameworks accordingly to ensure proactive compliance.

Qualifications:
- Bachelor’s degree in Information Systems, Information Security, Law, Business Administration, or related field.
- 5-8 years of proven experience in Governance, Risk, and Compliance roles.
- Significant hands-on experience implementing and managing ISO 27001 and ISO 27701 standards.
- Solid understanding and practical experience working with NIST cybersecurity frameworks, GDPR compliance, and the DPDP Act.
- Certifications such as ISO 27001 Lead Auditor/Implementer, Certified Information Privacy Professional (CIPP), or similar are highly desirable.
- Excellent knowledge of data privacy principles and regulatory requirements.
- Strong analytical, problem-solving, and decision-making skills.

Personal Attributes:
- Exceptional communication and interpersonal skills, with the ability to clearly articulate compliance and risk concepts.
- Highly organized with strong project management capabilities.
- Ability to work independently and collaboratively in a fast-paced environment.
- High level of integrity, discretion, and professionalism.
PW (PhysicsWallah)
Noida, Uttar Pradesh, India
Salary: Not disclosed