Job
Description
This role is for one of the Weekday's clients Min Experience: 9 years Location: Mumbai JobType: full-time We are seeking an experienced and highly motivated GRC (Governance, Risk & Compliance) Lead to join our IT Security team. The ideal candidate will have a deep understanding of industry-standard frameworks such as ISO 27001 , NIST , and IT GRC practices, along with hands-on experience as a GRC Consultant . This role will be pivotal in driving our organization's risk and compliance posture and ensuring alignment with regulatory and corporate requirements. Requirements Key Responsibilities Governance, Risk, and Compliance Leadership: Lead and manage the IT GRC function, ensuring proper governance structures, policies, and controls are in place to support enterprise security and compliance objectives. Framework Implementation: Implement and maintain compliance frameworks including ISO 27001 and NIST Cybersecurity Framework. Ensure all policies, processes, and controls are aligned with these standards. Risk Management: Identify, evaluate, and mitigate risks across IT systems, infrastructure, and business operations. Oversee the creation and execution of risk treatment plans and risk registers. Security Policy & Process Development: Develop, update, and enforce IT security policies, standards, and procedures. Conduct periodic audits to ensure compliance. IT GRC Tools & Technology: Utilize GRC platforms and tools to automate and streamline compliance monitoring, reporting, and risk management processes. Internal & External Audit Support: Act as the primary point of contact for audits. Coordinate and facilitate IT audits and assessments, including evidence gathering and gap remediation planning. Awareness & Training: Conduct training and awareness programs for teams on GRC best practices, policies, and regulatory requirements. Stakeholder Engagement: Collaborate with cross-functional teams including Legal, Risk, IT, and Business to ensure comprehensive GRC integration across the organization. Required Skills And Qualifications 9-17 years of experience in Governance, Risk, and Compliance, with a strong focus on IT Security. Expertise in implementing and maintaining ISO 27001 and NIST Cybersecurity Framework. Proven experience in an IT GRC or GRC Consultant role, preferably in a mid to large-sized enterprise or consulting environment. Deep understanding of IT security principles, risk assessment methodologies, and control frameworks. Strong analytical and problem-solving skills with a proactive and risk-based approach. Experience with GRC platforms such as RSA Archer, ServiceNow GRC, or similar tools is a plus. Excellent communication, documentation, and presentation skills. Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor will be considered a strong advantage. Show more Show less
