IT GRC

Role Description:

The GRC Analyst will support IT and Business teams in navigating security, compliance, and regulatory requirements. They will act as a liaison between local IT and business lines in ensuring adherence to key regulations and frameworks such as DORA, GDPR, NIS2, ISO 27001, and AI directive. The role includes conducting security risk assessments and managing IT projects, audits, and regulatory inspections.

Key Accountabilities & Responsibilities:

• Conduct and manage security risk assessments, identifying risks in projects and daily activities.
• Collaborate with IT operations, architecture, and development teams to enforce secure practices and build resilient security architecture.
• Act as a main point of contact for audits, regulatory inspections, and third-party security reviews.
• Manage the IT supplier registry, application landscape, IT Norms landscape, and IT risk register.
• Deploy the IT third-party management framework and follow up on audit findings.
• Maintain ongoing compliance assessments and manage yearly compliance planning.

Key Competencies & Skills required

Technical Skills:

• Knowledge of ISO 27001
• Basic knowledge of NIST SP 800-53
• Risk management experience
• IT audit handling experience

Nice to have:

• ISO 27001 certification
• CISSP certification

Behavioral Skills:

• Good interpersonal, communication and organizational skills relevant to the role.
• Willingness to learn and quickly adapt to changing requirements.
• Proactive approach to identifying issues and presenting solutions and options
• Ability to direct and guide teams as relevant

Previous Experience & Qualifications

Minimum Educational Qualification:

• Bachelors or Masters degree in Computer Science /Engineering/Information Technology
• Candidate with non-computer science degree must have minimum 1 year of relevant experience
• MBA in IT / Insurance/Finance can also apply for Requirements Engineer and Test Engineer role.

Years Experience & Knowledge:

• 3 – 5 Years of Experience.