GRC/Assistant Manager

Key Responsibilities:
As a part of our Cyber strategy team, you will build and nurture positive working relationships withteams and clients with the intention to exceed client expectations.• Develop, implement, and maintain risk and governance frameworks.• Guide teams/Handle client information security posture, identify the gaps/risks in theexisting environment and develop solutions to mitigate the identified gaps/risk.• Recommend security solutions and enhancements aligned with business goals and threatlandscape.• Conduct security risk assessments of third-party vendors and service providers.• Define TPRM frameworks and integrate them into the overall risk management program.• Perform cybersecurity maturity assessments using established frameworks such as NISTCSF, NIST-800-53, ISO 27001• Frontend teams for ISO 27001 based Information Security Management Systemimplementation and sustenance-based projects.• Lead risk identification, evaluation, mitigation, and monitoring activities.• Deliver actionable insights and improvement roadmaps based on assessment results.• Understand and evaluate application security architectures, including secure SDLCpractices, threat modelling and secure coding standards.• Plan, execute, and report on comprehensive IT and OT security audits.• Lead teams or work as team member to conduct Information Systems audits covering ITinfrastructure assets.• Manages security and cyber strategy projects, guides the team on a day-to-day basis andensures that assigned tasks and responsibilities are fulfilled in a timely fashion.• Responsible to assist client in review / implement Information Security controls in areas asmentioned, but not limited to: Change management process, Incident management

Technology & Transformation
Cyber: Strategy & Transformation | AD & Below

process, Backup process, User identity and access management, Antivirus management,
SLA performance and monitoring, Media handling & Exchange of information, Physical andenvironmental Security, and Media & Information Handling.• Conduct and support PCI DSS assessments and gap analysis.• Provide guidance for remediation efforts to ensure ongoing compliance.• Demonstrates understanding of complex business and information technologymanagement processes.• Ensure compliance with cybersecurity guidelines and regulations issued by RBI, SEBI,IRDA, BCAS, NCIIPC, and other relevant bodies.• Track evolving regulatory requirements and integrate changes into the cybersecurityprogram.• Understanding of cloud service models and security controls across major platforms (AWS,Google Cloud, Azure).• Plan and execute ITGC control testing covering areas such as access management, changemanagement, and operations controls. Identify control gaps and support remediationefforts.• Interacts with clients, managers, and partners to build and nurture strong relationships.• Tailors firm tools and methodologies as per client requirements.

Desired qualifications
• B. E/ B-Tech (Tier 1/2) or masters degree in information security, Computer Science, or arelated field• Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ISO 31000LA/LI, ISO 22301 LA/LI, CISA, ITIL or PCI QSA are preferred.• 4-9 years of relevant experience in cybersecurity consulting, risk management, andcompliance.• In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001,COBIT).• Strong analytical, communication, and stakeholder management skills