GRC-Officer

Position Overview

Entry-Level GRC Analyst

GRC Manager/Specialist

Key Responsibilities

A. Compliance & Audit Support

• Evidence Collection:

  Assist in gathering, organizing, and maintaining compliance evidence for

  internal, external, and regulatory audits

  (RBI, SEBI, IRDAI, IT Act 2000, DPDP Act 2023, etc.).

• Policy Documentation:

  Support formatting, editing, version control, and maintenance of information security policies, standards, and procedures.

• Training Coordination:

  Track and coordinate mandatory information security awareness programs and simulated phishing campaigns, ensuring timely completion by employees.

B. Risk Management Assistance

• Risk Register Maintenance:

  Assist in updating the centralized Risk Register by documenting new risks, control ownership, and tracking remediation plans.

• Control Monitoring:

  Perform basic verification checks on key security controls such as system backups, patch management reports, and access reviews.

• Third-Party / Vendor Risk Management:

  Support vendor onboarding documentation, including security questionnaires, NDAs, and initial Vendor Risk Management (VRM) intake processes.

C. Governance & Reporting

• Prepare

  weekly/monthly compliance reports and dashboards

  using predefined templates.
• Assist in scheduling meetings, preparing presentations, and documenting minutes for

  Risk Management Committees and GRC working groups

  .
• Maintain accurate and up-to-date records within the organization’s

  GRC tools/platforms

  .

Required Qualifications & Skills

Education

• Bachelor’s degree in:
  
• B.Sc. / B.Tech / B.E. (Computer Science / IT)
  
• BBA / BMS (Finance / IT)
  
• Or equivalent discipline
  

Knowledge & Skills

• Basic understanding of

  Information Security fundamentals

  , including the

  CIA Triad

  (Confidentiality, Integrity, Availability).
• Strong

  attention to detail

  with excellent documentation and organizational skills.
• Good

  analytical ability

  to manage and cross-reference compliance data.
• Effective

  verbal and written communication skills

  for interaction with technical teams and business stakeholders.
• Proficiency in

  Microsoft Office / Google Workspace

  , especially

  Excel / Google Sheets

  for tracking and reporting.

Preferred Qualifications

• Certifications:

  ISO 27001 Foundation, CompTIA Security+ (or equivalent entry-level security certification).

• Regulatory Exposure:

  Academic coursework, internships, or projects involving

  DPDP Act, IT Act 2000, RBI or SEBI guidelines

  .

• Location Preference:

  Candidates residing in or near

  Goregaon, Mumbai

  .