GRC Manager / GRC Lead

2 - 3 years

4 - 9 Lacs

Posted: 1 day ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

  • 2-3 years of experience in GRC, Information Security, or Compliance roles, preferably in a FinTech or financial services environment.
  • Strong knowledge of PCI DSS, ISO 27001, SOC 2, GDPR, RBI guidelines, and other financial regulatory frameworks.
  • Experience conducting internal audits, risk assessments, and compliance reviews.
  • Familiarity with GRC tools and risk management frameworks (e.g., NIST, COSO, COBIT).
  • Strong analytical, problem-solving, and stakeholder management skills.

Educational & Professional Credentials

  • Bachelor's degree in Information Technology or Computer Science, i.e. MSc Computer Science, B.Tech, or equivalent technical background.
  • Certifications: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Auditor, PCI ISA/QSA.
  • Experience working with payment systems, digital banking, remittances, or forex operations.
  • Knowledge of third-party risk management (TPRM) and security governance models.

Required Knowledge & Skills

Role Overview:

The GRC Manager will be responsible for establishing, implementing, and overseeing Governance, Risk, and Compliance frameworks within the company. This role ensures compliance with PCI DSS, ISO 27001, and other regulatory requirements, while also managing risks related to financial transactions, data security, and operational processes in a FinTech environment.

Governance & Compliance:

  • Implement and maintain PCI DSS, ISO 27001, and other applicable compliance frameworks.
  • Develop and enforce policies, procedures, and controls to meet regulatory and industry standards.
  • Conduct periodic gap assessments and audits to ensure compliance with relevant security and privacy regulations (e.g., RBI guidelines, GDPR, etc.).
  • Collaborate with internal teams (Security, IT, Legal, Product) to ensure compliance is embedded in all business processes.
  • Stay updated on regulatory changes and proactively implement necessary compliance measures.

Risk Management:

  • Develop and manage the Enterprise Risk Management (ERM) framework, identifying, assessing, and mitigating risks related to cybersecurity, operations, and third-party vendors.
  • Conduct risk assessments and business impact analyses to identify vulnerabilities in processes and technology.
  • Oversee third-party/vendor risk management to ensure compliance with security and privacy requirements.
  • Monitor key risk indicators (KRIs) and report findings to senior management.

Audit & Incident Management:

  • Lead internal and external audits related to PCI DSS and ISO 27001 compliance.
  • Coordinate with auditors and regulators to address compliance gaps and implement corrective actions.
  • Establish and oversee incident response protocols to ensure swift action in case of security breaches or compliance violations.
  • Conduct root cause analysis (RCA) for compliance issues and implement continuous improvement measures.

Training & Awareness:

  • Conduct employee training programs on risk, compliance, and security best practices.
  • Promote a strong compliance culture within the organization through regular awareness campaigns.

Riskpro

Insurance

Risk City
