9.0 - 14.0 years
15 - 30 Lacs
Chennai, Bengaluru
Work from Office
6+ years of IT Business Analyst experience with sound Risk and Compliance. Good working knowledge in RCSA, OpRisk, ERM etc. Should have been part of any GRC implementation for any banks. GRC concepts and BRD. Share your CV at tanya@praxists.co.in
Posted 1 week ago
1.0 - 3.0 years
1 - 4 Lacs
Noida
Work from Office
Key Responsibilities: Perform audits and assessments of internal controls (regulatory compliance Audits, ISO 27001, NIST, GDPR, HIPAA, etc.). Conduct risk assessments and develop mitigation plans across IT and business processes.
Posted 1 week ago
2.0 - 6.0 years
4 - 8 Lacs
Navi Mumbai, Mumbai (All Areas)
Hybrid
Develop, implement, and maintain IT GRC policies, procedures, and frameworks. Conduct IT risk assessments in line with RBI/IRDAI/SBI frameworks and recommend mitigation measures. Monitor and report IT risk metrics. Align IT standards like ISO 27001,
Posted 1 week ago
5.0 - 8.0 years
7 - 10 Lacs
Coimbatore
Work from Office
Archer Developer
o Be responsible for day-to-day technical administration of the RSA Archer platform
o Lead the administration of items such as user accounts, data feeds, workflow & reports access etc.
o Provide development / configuration support based on technical requirements
o Own technical issues/problem resolution and request management
o Execute test cases and document them
o Support User Acceptance Tests and implement code into production
o Define/configure questionnaires/workflows/forms/reports in Archer
o Participate in and support Archer version upgrades
o Install, test and deploy new applications in Archer
o Work with service management and infrastructure teams as needed on technology upgrades, maintenance, and issue resolution
o Conduct in-person and online training sessions for stakeholders as appropriate
o Provide support when Production issues occur
o Exp working as a RSA Archer Administrator
o RSA implementation and integration experience
o Exp with databases and managing multiple data feeds
o Integration with other management tools
Mandatory Skills: Archer. Experience: 5-8 Years.
Posted 2 weeks ago
14.0 - 18.0 years
40 - 50 Lacs
Hyderabad, Mumbai (All Areas)
Work from Office
Key Responsibilities: • Define the overall GRC strategy, policies, standards, and procedures. • Oversee the identification, assessment, analysis, and prioritization of enterprise-wide risks, including operational, reputational, and cybersecurity risks. • Develop and implement robust risk mitigation strategies and controls • Monitor the effectiveness of risk management activities and report on the organization's risk posture to senior leadership and the Board. • Ensure the organization complies with all applicable laws, regulations, industry standards, and internal policies (e.g., data privacy regulations like DPDPA, RBI regulatory requirements and compliance) • Develop and manage compliance programs, internal audits, and assessments to identify and address compliance gaps. • Drive a strong governance culture by establishing clear accountability, transparency, and ethical conduct throughout the organization • Develop and implement governance policies and procedures to guide decision-making and operational processes • Develop meaningful GRC metrics, dashboards, and reports for various stakeholders, including executive management and the Board. • Collaborate closely with various departments, including Enterprise Risk, IT Operations, Legal, Finance and HR to integrate GRC principles into daily business operations. • Act as a trusted advisor to business on Infosec Risk and Compliance matters. • Thoroughly review of all incoming information security requests (e.g., user access, system configuration changes, firewall rules creation/modifications, software installations, data access, third-party system integrations) and approve them. • Assess requests for completeness, accuracy, and adherence to established information security policies, procedures, & guidelines and analyse potential security risks, impacts associated with each request, including data confidentiality, integrity, and availability. 
• Review and approve access requests to sensitive systems, applications, and data and validate justifications, roles, and least-privilege principles prior to approval. • Maintain a comprehensive understanding of evolving security threats, vulnerabilities, and regulatory changes related to upcoming technologies like Blockchain and AI to take informed approval decisions. • Review and recommend exceptions to security policies and standards, identify and document any residual risks associated with approved exceptions, and ensure that compensating controls are in place for recommended exceptions, documenting the rationale, validity period, and expiration tracking. • Communicate clearly and concisely with requestors, providing detailed explanations for approvals, denials, or requests for additional information. • Identify opportunities to streamline the request approval process, enhance efficiency, and improve security controls. • Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements • Provide guidance and mentorship to junior security team members. Technical Skills: • Deep understanding of GRC principles, methodologies, and best practices. • Strong analytical and problem-solving skills with the ability to identify, assess, and mitigate complex risks. • Excellent communication, interpersonal, and presentation skills, with the ability to articulate complex GRC concepts to diverse audiences (technical and non-technical, all levels of management). • Proven leadership and team management abilities, including the ability to influence and collaborate across departments. • Strategic thinking with a proactive approach to GRC challenges. • High level of integrity and ethical conduct. • Ability to manage multiple projects and priorities in a dynamic environment. 
• Proven track record of developing, implementing, and managing successful GRC programs in a complex organizational environment. • Strong experience with risk assessment methodologies, control frameworks, and compliance audits. • Experience with relevant regulatory frameworks (e.g., ISO 27001, NIST, SOC 2, PCI DSS, DPDPA, GDPR etc.). • Strong understanding of security domains (e.g., network security, data security, application security). • Understanding on cryptographic standards, application security, enterprise architecture, software development lifecycle etc. • Experience with security frameworks (e.g., MITRE, NIST, ISO). • Familiar in Vulnerability Management and Configuration Management with a commitment to staying current on emerging security threats and technological advancements. • Knowledge of identity and access management (IAM) concepts and technologies and Familiarity with role-based access control (RBAC) models and approval workflows. • Knowledge of cryptography, secure communication protocols, data encryption techniques, understanding of Key management process. • Deep understanding of security vulnerabilities exploits applications, infrastructure and APIs • Strong analytical and problem-solving skills. • Basic understanding of cloud security principles (AWS, Azure, GCP) is a plus. • Experience with ITSM or request/ticketing systems (e.g., ServiceNow, Jira, Remedy)
Posted 3 weeks ago
1.0 - 4.0 years
4 - 6 Lacs
Navi Mumbai, Chennai, Mumbai (All Areas)
Hybrid
Experience Implementation of ISO 27001, GRC ITGC & IT Regulatory compliance Knowledge in ISMS, ITRS, Knowledge about regulators RBI, IRDA, SEBI Experience in PCI DSS, ISO 27001, SOC 2, GDPR, RBI guidelines Experience in audits & risk assessments.
Posted 3 weeks ago
5.0 - 10.0 years
8 - 18 Lacs
Mumbai, Mumbai Suburban, Navi Mumbai
Work from Office
3 - 15yrs exp in IT & IT Security across various levels Certified in ISO 27001: 2013 /ISO 22301:2019 Preferred Enterprise IT Governance including knowledge of IT risk management & controls Strong PPT creation & design Func as SPOC for IT GRC & Audits Required Candidate profile Manage establishment of operate & tech decision-making process to ensure IT svc are align to organization priorities & risk appetite Prep sec dashboards with KPIs, sec metrics for CISO presentations Perks and benefits +++ Mediclaim + 10% perf bonus + 30% Company Bonus
Posted 3 weeks ago
6.0 - 11.0 years
15 - 18 Lacs
Mumbai, Mumbai Suburban, Navi Mumbai
Work from Office
Permanent opportunity with an RBI-licensed FinTech company for professionals with 2-3 years of experience in GRC, InfoSec, or Compliance. Requires expertise in PCI DSS, ISO 27001, SOC 2, GDPR, RBI guidelines, & experience in audits & risk assessments.
Posted 1 month ago
2.0 - 7.0 years
11 - 21 Lacs
Thane, Navi Mumbai, Mumbai (All Areas)
Work from Office
Hello, We are looking for candidates who are Currently serving Notice Period or 30 Days Job Title: Associate - IT Governance & Compliance Reports to: Lead - IT Governance & Compliance Location: Mumbai Experience: 2-6 Years Relevant 1. Role Overview: The Associate of IT Governance & Compliance will be part of the development, implementation, and oversight of the organization's IT Governance, and compliance framework. This role ensures stringent adherence to regulatory mandates, particularly those issued by the Reserve Bank of India (RBI). The ideal candidate must demonstrate a comprehensive understanding of RBI regulations, IT to Business strategy alignment, IT Policies & Processes and Governance best practices within the financial sector. With a keen focus on regulatory compliance, this role will fortify the organization's IT operations, IT project management and safeguard its reputation. 2. Duties & Responsibilities: IT Governance Facilitate implementation of enterprise-wide IT policies, procedures, and standards. Facilitate automation of IT Processes. Coordinate integration of IT governance with broader enterprise governance structures, ensuring alignment with corporate objectives. Facilitate maintenance of governance frameworks in alignment with COBIT, ITIL etc driving adherence and continuous improvement. Collate IT governance metrics and report to IT Senior Management Regulatory and Compliance Assurance Facilitate full compliance with RBI regulations, industry standards, and internal policies. Facilitate maintenance of comprehensive IT compliance programs, proactively addressing regulatory changes. Facilitate regular compliance assessments, ensuring timely resolution of identified issues. Coordinate with regulatory bodies, ensuring accurate and timely reporting and communication IT Risk Management Facilitate a robust IT risk management framework. Track mitigation for potential IT risks, ensuring alignment with organizational goals and regulatory requirements. 
Track IT risk management initiatives, providing insights and recommendations to the management team Incident Management Track the IT & Security incidents and breaches, ensuring minimal impact on operations. Facilitate implementation of incident response procedures. Coordinate with key stakeholders to mitigate the impact of IT incidents, ensuring swift and effective resolution. Imbibe a culture of continuous improvement, adopting and integrating best practices in IT governance, and compliance 3. Job Requirements: Professional Qualification : - Bachelor's degree in Information Technology, Computer Science, Business Administration, or a related field. A Master's degree or professional certifications (e.g., CISA, CISSP, CRISC) is preferred. - Minimum of 5 years of experience in IT governance, and compliance, with Lead IT GRC role within a financial services organization. - Strong understanding of IT governance and compliance frameworks, regulatory requirements, and compliance standards (e.g., ISO 27001, NIST, PCI-DSS).
Posted 1 month ago
4.0 - 8.0 years
25 - 30 Lacs
Pune
Work from Office
Deputy Manager IT GRC (Governance, Risk, and Compliance) -Pune Summary Job Summary The Deputy Manager IT GRC (Governance, Risk, and Compliance) role at ENGIE India is crucial in ensuring the organization's Digital & IT landscape is secure, compliant, and aligned with business objectives This role involves developing, implementing, and managing IT GRC, risk management, and ensuring compliance with regulations and internal controls This is an individual contributor role based in Pune, India, with occasional onsite travel to support Digital & IT audits, Main Objectives The primary objective is to ensure the IT landscape is secure, compliant, and aligned with business goals This involves: Implementing comprehensive IT GRC strategies, Implementing INCOME framework for D&IT function Implement and Manage Risk management processes, Ensuring adherence to regulations and standards, Maintain Digital &IT internal control requirements Lead the Digital & IT Internal Control and Compliance Key Responsibilities Audit Preparation and Management: Prepare processes, teams, and documents for internal and external audits Track and remediate audit observations with corrective and preventive actions, Risk Management: Manage and track all technology-related risks for timely closure Oversee formal risk analysis and self-assessment programs for various systems and processes, Compliance : Ensure compliance with privilege access management processes and relevant IT regulations and standards, such as ISO 27001 and NIST CSF, Documentation and Communication: Maintain strong documentation and communication skills Ensure clear communication with stakeholders and effective conflict resolution, Implementing Initiatives: Coordinate with various departments to ensure smooth execution and monitor progress, Continuous Improvement: Foster a culture of continuous improvement within the IT GRC team, Stakeholder Engagement: Engage with key stakeholders, including management and department heads, to ensure 
IT GRC strategies are well-supported and integrated, Conducting Risk Assessments: Oversee comprehensive risk assessments to identify potential risks, Developing Mitigation Strategies: Implement controls and safeguards to reduce the likelihood and impact of risks, Monitoring and Reporting: Establish effective monitoring mechanisms and regularly report on risk status to management, Collaboration with Departments: Work closely with various departments to ensure effective implementation of risk management strategies, Adhering to Regulations: Ensure compliance with all relevant IT regulations and standards, Implementing Best Practices: Promote the adoption of industry best practices within the organization, Internal and External Audits: Conduct regular internal audits and manage relationships with external auditors and regulatory bodies, Policy Development: Develop and maintain comprehensive IT GRC policies, Coordination and Collaboration Cross-Departmental Collaboration: Collaborate with various departments to ensure effective implementation of GRC initiatives, Stakeholder Communication: Ensure stakeholders are informed about the progress and impact of GRC activities, Conflict Resolution: Resolve conflicts that arise during the implementation of GRC initiatives, Internal Audits: Conduct internal audits to assess the effectiveness of IT GRC controls and processes, Managing External Audits: Ensure the organization is well-prepared for external audits and address any findings promptly, Audit Preparation: lead the preparation for audits to ensure a smooth process, Addressing Audit Findings: Develop and implement action plans to resolve audit findings and prevent recurrence, Continuous Improvement: Use audit insights to drive continuous improvement in GRC practices, Regular Reporting: Provide regular reports on IT GRC activities to management and the board, Clear Communication: Ensure GRC-related information is communicated clearly and consistently, Training and Awareness: 
Promote awareness of GRC policies and practices within the organization through training sessions and resources, Technical Knowledge and Skills Understanding IT Systems: Strong understanding of IT systems, including Cloud services, IT-OT convergence, hardware, software, networks, and data management practices, Security Principles: Deep understanding of security principles, including encryption and access control, Risk Management Frameworks: Familiarity with frameworks such as ISO 31000 and NIST RMF, Emerging Technologies: Stay updated on emerging technologies and their impact on IT GRC practices, Technical Certifications: Relevant certifications such as CRISC are valuable, Compliance Knowledge Regulatory Requirements: Deep knowledge of relevant regulatory requirements, such as CEA guidelines, Internal Controls (ITGC), IT Act, Indian and global Energy sector compliance, GDPR, HIPAA, and SOX, Industry Standards: Familiarity with industry standards like ISO 27001 and NIST CSF, Compliance Assessment: Conduct regular compliance assessments and develop comprehensive compliance policies, Training and Awareness: Promote awareness of compliance requirements within the organization, Analytical and Problem-Solving Risk Analysis: Conduct formal risk analysis to identify potential vulnerabilities, Problem-Solving : Develop and implement effective solutions to mitigate risks, Data Analysis: Analyze data to identify trends, assess risks, and make informed decisions, Decision-Making: Make informed decisions based on risk and compliance analysis, Continuous Improvement: Promote a culture of continuous improvement in GRC practices, Qualifications and Experience Strong background in Information Technology, Cybersecurity, or a related discipline, Knowledge of frameworks like ISO 27001, NIST, GDPR, and HIPAA, 5-8 years in IT GRC, preferably in the Energy sector, Hands-On Experience: Identifying, assessing, and mitigating risks, Practical Application: Applying GRC principles in energy 
sector Behavioural Competencies Customer-Focused: Commitment to delivering high-quality service, Independent Work: Ability to work independently and make decisions in a fast-paced environment, Adaptability : Flexible to changing priorities and working outside regular hours when required, Requirements Work Environment & Physical Requirements Location: Pune, India, with intermittent travel to sites, Team Size: Individual Contributor role, Physical Activity: Extended periods of concentration, technical hands-on work, and physical activity during site visits, Reports to: Cyber Security & IT Infrastructure Manager Benefits Professional Growth: Continuous training and development opportunities, Impactful Projects: Work on large-scale projects in the energy sector, Work-Life Balance: Flexible and hybrid working options, Robust Benefits Package: Health insurance, OPD, dental, life and accidental death insurance, preventive health check-up, Diversity and Inclusion: Commitment to fostering a diverse and inclusive workplace, Safe Working Environment: Prioritizing safety in the workplace, Why Join ENGIE As a Deputy Manager IT-GRC at ENGIE, you will play a pivotal role in safeguarding and improving the Digital & IT landscape of a global leader in energy and sustainability Drive ENGIEs mission to achieve a carbon-neutral world through innovative technology solutions Join us to contribute to a sustainable future and be part of a transformative journey towards a more efficient and eco-friendly world, Visit us at engie, and engieindia, Business Unit: GBU Renewables Division: T&G AMEA India Legal Entity: ENGIE Energy India Private Limited Professional Experience: Skilled ( >3 experience <15 years) Education Level: Bachelor's Degree
Posted 1 month ago
2.0 - 7.0 years
5 - 12 Lacs
Faridabad, Gurugram, Delhi / NCR
Work from Office
Location: Gurgaon Sector 58 Preference: Candidates with experience in NBFCs Compensation: Up to 00 LPA Requirements: Strong communication skills, a compelling personality, and relevant profile exposure -----JOB DESCRIPTION--- For a role that encompasses IT GRC (Governance, Risk, and Compliance) along with IT Security Audit responsibilities, especially in the context of NIST, ISO 27001, SOC2, ITGC audit, RBI (Reserve Bank of India) regulatory compliance, IT Security Compliance, Business Continuity Management (BCM), Disaster Recovery (DR), and Vulnerability Assessment (VA), the roles and responsibilities would typically include: Governance, Risk, and Compliance (GRC): Develop and maintain IT governance frameworks aligned with industry standards and regulatory requirements. Establish and enforce policies, procedures, and controls to ensure compliance with applicable laws, regulations, and standards. Coordinate risk assessment and management activities across the organization. Monitor and report on compliance status to senior management and stakeholders. Facilitate audits and assessments to verify adherence to compliance requirements. Implement continuous improvement initiatives to enhance the effectiveness of GRC processes. IT Security Audit: Plan, coordinate, and conduct IT security audits based on regulatory requirements and industry best practices. Perform risk-based assessments of IT systems, networks, and applications to identify security vulnerabilities and weaknesses. Review and evaluate controls related to access management, change management, data protection, and incident response. Document audit findings, including recommendations for remediation and improvement. Collaborate with internal and external auditors to facilitate audit engagements and address audit findings. Track and monitor the implementation of audit recommendations to ensure timely resolution. 
Regulatory Compliance: Interpret and apply relevant regulatory requirements, including NIST Cybersecurity Framework, ISO 27001, and RBI guidelines. Conduct gap assessments against regulatory requirements to identify areas of non-compliance and develop remediation plans. Coordinate with business units and stakeholders to implement controls and measures to achieve compliance objectives. Prepare documentation and evidence to demonstrate compliance with regulatory requirements. Stay informed about changes in regulations and standards and assess their impact on the organization's compliance posture. IT Security Compliance: Establish and maintain IT security policies, standards, and guidelines in accordance with regulatory requirements and industry best practices. Conduct periodic reviews and assessments to ensure adherence to security policies and standards. Implement controls and measures to mitigate security risks and vulnerabilities. Monitor and analyse security events and incidents to detect and respond to security breaches. Provide guidance and support to business units on security compliance matters. Business Continuity Management (BCM) and Disaster Recovery (DR): Develop and maintain business continuity and disaster recovery plans aligned with organizational objectives and regulatory requirements. Run BCP/DR frameworks Conduct business impact analyses and risk assessments to identify critical business functions and dependencies. Coordinate the development, testing, and maintenance of BCM and DR plans. Ensure alignment between BCM/DR plans and IT systems, applications, and infrastructure. Provide training and awareness programs to ensure effective response and recovery during emergencies. Vulnerability Assessment (VA): Plan and execute vulnerability assessment activities to identify security weaknesses and vulnerabilities in IT infrastructure and applications. 
Utilize automated scanning tools and manual techniques to identify and prioritize vulnerabilities based on risk. Analyse and interpret scan results to provide actionable recommendations for remediation. Coordinate remediation efforts with IT teams to address identified vulnerabilities in a timely manner. Monitor and track the status of vulnerability remediation efforts and report on progress to stakeholders. In summary, this role involves a comprehensive approach to managing IT governance, risk, and compliance, along with conducting IT security audits, ensuring compliance with regulatory requirements such as NIST, ISO 27001, and RBI guidelines, and overseeing BCM, DR, and VA activities. Effective communication, collaboration, and coordination with various stakeholders are essential for success in this role. Digital Personal Data Protection Act (DPDPA) and GDPR Compliance: Interpret and ensure compliance with the provisions of the Digital Personal Data Protection Act (DPDPA) and the General Data Protection Regulation (GDPR), as applicable. Conduct data protection impact assessments (DPIAs) to identify and mitigate risks associated with the processing of personal data. Develop and maintain data protection policies, procedures, and controls to safeguard the privacy and confidentiality of personal data. Implement measures such as data encryption, pseudonymization, and access controls to protect personal data from unauthorized access and disclosure. Establish mechanisms for obtaining and managing consent for the processing of personal data in accordance with regulatory requirements. Monitor and respond to data subject requests (e.g., access requests, erasure requests) in compliance with GDPR and DPDPA requirements. Facilitate training and awareness programs to ensure compliance with data protection regulations and promote a culture of privacy within the organization. 
Collaborate with legal and compliance teams to address data protection issues and ensure alignment with regulatory requirements. Maintain records of processing activities and data protection measures to demonstrate compliance with GDPR and DPDPA obligations. Conduct regular audits and assessments to evaluate the effectiveness of data protection controls and identify areas for improvement. Competencies: Proactively contribute to leadership & handle work stress & people skills Strong analytical skills, problem solving skills, and project/program management skills Excellent communication skills working with all levels of management across the entire organization Ability to handle team strength and work cohesively Ability to act in Leadership position Work and stretch as required in corporate scenario Extrovert and Outspoken Experience Needed: 8+ years' demonstrable experience in IT security GRC management, IT security project management, IT & Data security policy management, and other security practices w.r.t Cloud Infra , Basic IT infra design and architecture Hands-on experience with designing, implementing and managing security IT GRC programs Past experience managing a small to mid-sized team Educational Requirements: Bachelor's degree or equivalent business experience in Computer Science, Business Management. Certified training in IT & Data security management, risk and compliance solutions and practices. CISSP, CISA, CISM, GSEC, CRISC, ISO 27K LA or related certification will be added advantage
Posted 1 month ago
10.0 - 15.0 years
20 - 27 Lacs
Hyderabad
Work from Office
Dear Candidate, Greetings. We are hiring for the role of Biso Helius Technologies Hyderabad. Work mode – Work from office Project – Singlife Exp – 10 to 15 years Please find the below JD for your reference. Role: BISO Work Location: Hyderabad (ODC) Key Responsibilities Focuses on Core BISO activities: Conduct Information Security Business Impact Assessments (ISBIA) for Projects, Applications, and Third-Party Outsourcing arrangements, aligning with Singlife Standards. Collaborate with Technology and Business units to evaluate the impact of control deficiencies. Lead the implementation of IS standards at the business level, ensuring alignment of procedures and practices with established standards. Collaborate in creating Risk Acceptances (RAs), Risk Exceptions (REs), and Corrective Action Plans (CAPs) using appropriate tools. Engage with Security Incident Response Teams to guide the resolution and closure of incidents, offering proactive recommendations. Generate periodic IS risk management reports, highlighting critical issues and proposing corrective action plans. Ensure adherence to IS standards and best practices across diverse disciplines. Support the business during audit reviews and regulatory inspections related to IS matters. Maintain vigilant oversight of IS programs, encompassing programs, policies, and associated reporting within the business landscape. Collaborate with business units to rectify non-compliance in processes, applications, and outsourcing activities. 1. 2. Act as a Business Partner Regularly communicate and interact with Management and Employees, enhancing understanding of IS-related programs, policies, and standards. Leverage the ISO network to share resources, extract best practices, and enhance operational efficiency. Validate compliance with security controls within business contracts. Evaluate the alignment of IS processes with business needs, particularly concerning software and internet usage. 
Conduct Information and Cyber Security Awareness training to fortify organizational preparedness. Partner with application managers or the Technology Information Security Officer (TISO) to address specific technical requirements. Stay relevant to evolving cybersecurity regulations (MAS, CSA, GIA, LIA) to provide subject matter expert feedback. Assess the impact of new and updated regulations promptly by partnering with the ISO, Technology & Operations community. 3. Other Requirements Demonstrate skill in delivering compelling presentations and managing complex programs. Display exceptional aptitude in consulting, problem-solving, and analytical capabilities. Exhibit a proactive, assertive, service-oriented demeanour while effectively functioning as a cohesive team player. Demonstrate the ability to manage concurrent tasks and prioritize effectively, even in conflicting timelines. Key Decisions within the Role Be the gatekeeper of the IS business impact assessments (ISBIA) processes and ensure applications within Singlife adhere to IS standards. Team Direct and indirect accountability for Information Security Officers Requirements Experience Minimum 10 years of experience in Information security. In areas such as security governance, risk management, application security design, security project management or security operation. • Professional Certifications CISSP, CISM, CISA, SANS, Cloud would be preferred. Education Bachelor’s degree in IT, Engineering or equivalent Skill Matrix - Skill Candidate's self-assessment (Score 1-5) Primary: InfoSec experience Secondary: Risk/Governance/Assurance framework Experience in conducting Infosec Training Excellent Communication/Presentation skills Infosec Certifications Primary: Cybersecurity regulations Secondary: Creation of Risk Acceptance/Risk Exceptions/CAPs Monetary Authority of Singapore (MAS) regulations Awareness of Security Control. Compliance Security Audits.
Please revert with update profile if you find it interesting. Feel free to reach out for any queries. Role & responsibilities Preferred candidate profile
Posted 1 month ago
4.0 - 9.0 years
7 - 11 Lacs
Gurugram
Work from Office
Job Overview: We are seeking a skilled and experienced IT Infrastructure and Governance, Risk, and Compliance (GRC) Specialist to join our team. The ideal candidate will have a proven track record in managing and optimizing IT infrastructure and networks while ensuring compliance with industry regulations and best practices. The person will be responsible for maintaining secure and efficient IT systems, as well as ensuring that governance, risk management, and compliance processes are effectively integrated within the organization's operations.
Job Title: IT Infrastructure and GRC (Governance, Risk, and Compliance) Specialist
Location: Gurgaon
Job Type: Full-Time
Experience Required: 5+ Years
Key Responsibilities:
IT Infrastructure Management:
• Oversee the design, implementation, and maintenance of the organization's IT infrastructure, including servers, networks, storage, and on-prem systems.
• Manage and optimize the performance, scalability, and security of IT systems.
• Ensure high availability and disaster recovery plans are in place and tested regularly.
• Troubleshoot and resolve infrastructure-related issues, ensuring minimal downtime.
• Collaborate with cross-functional teams to assess and implement new infrastructure solutions.
Governance, Risk, and Compliance (GRC) Management:
• Develop and implement GRC policies, processes, and controls to ensure adherence to regulatory requirements and industry standards (e.g., GDPR, HIPAA, ISO 27001).
• Conduct regular risk assessments and audits to identify potential vulnerabilities in IT systems and infrastructure.
• Assist in the creation of risk management frameworks and compliance strategies.
• Ensure that the organization's IT infrastructure aligns with compliance requirements and mitigates any risks.
• Maintain up-to-date knowledge of evolving GRC regulations and standards.
Security & Risk Management:
• Work closely with the security team to implement robust security measures, including firewalls, intrusion detection systems, and encryption protocols.
• Monitor and report on compliance and risk levels within the IT infrastructure, making recommendations for improvements.
• Lead incident response and recovery efforts in case of security breaches or compliance violations.
Documentation & Reporting:
• Maintain detailed documentation of IT infrastructure configurations, system changes, and GRC compliance activities.
• Prepare regular reports on IT infrastructure performance, risk assessments, compliance status, and incident management for senior management.
• Assist with audits by providing necessary documentation and evidence of compliance.
Collaboration and Training:
• Collaborate with IT teams, legal, compliance, and business units to ensure compliance initiatives are integrated into all stages of IT project development.
• Provide training and guidance to staff on best practices for IT security, risk management, and compliance.
• Work with external auditors and consultants as needed for compliance reviews and assessments.
Qualifications:
• Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• A minimum of 8 years of experience in IT infrastructure management, with a focus on governance, risk management, and compliance (GRC).
• Proven experience with GRC tools and frameworks, including risk assessments, audits, and regulatory compliance.
• Strong knowledge of IT infrastructure components (e.g., servers, networks, storage, on-prem services).
• Familiarity with industry standards and regulations (e.g., ISO 27001 etc).
• Solid understanding of security principles, firewalls, VPNs, and encryption technologies.
• Excellent problem-solving skills and ability to troubleshoot complex infrastructure issues.
• Strong communication and interpersonal skills, with the ability to collaborate effectively with both technical and non-technical teams.
Posted 1 month ago
8.0 - 10.0 years
14 - 24 Lacs
Hyderabad
Hybrid
Description: You'll be responsible for:
• Ensuring that cybersecurity risk management methods are embedded in Client operations, working with IT functions, other enabling functions, and the business lines across the member firm.
• Maintaining the operational cybersecurity risk register and Strategic Cyber Risk Dashboard for cybersecurity and providing regular updates to CISO leadership and, where required, risk governance committees on the status of operational risks.
• Managing the risk identification, analysis, assessment, treatment, and reporting deliverables, reporting the cybersecurity risk profile, and supporting security governance across the member firm.
• Providing expert security advice and consultation to our business lines and support functions.
• Supporting the work to ensure that the GRC framework and methodology are embedded in Client operations, working with IT functions, other enabling functions, and the business lines across the member firm.
• Working with the business relationship management team, business line business advisers and programme managers to support operational cybersecurity risk management activity.
Essential:
• An established background as a security practitioner or consultant
• Experience in the development of the approach to information risk management and assurance
• Demonstrable understanding of the cybersecurity risk and controls inherent in various technologies and related security best practices
• Demonstrable ability to identify risks associated with business processes, operations, cybersecurity programs and technology projects
• Expert in the concept of strategic risk treatment, including risk avoidance or termination; risk reduction or modification; risk transference or sharing; risk acceptance or tolerance and retention.
• Knowledge and understanding of various Cybersecurity / Information Assurance Frameworks, such as NIST CSF.
• Clear knowledge of security standards, methodologies, or frameworks such as ISO27001 or COBIT
• Demonstrable ability to work in a fast-paced, deadline-driven environment.
• Excellent verbal and written communication skills with the ability to effectively articulate complex technical terms to both technical and non-technical audiences
• Demonstrated excellence in a variety of competencies including teamwork, collaboration, analytical thinking, communication and influencing skills, and technical expertise.
Desirable:
• Industry accreditation like Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)
• Experience in developing and delivering a cybersecurity risk management framework and methodology within an organisation.
• Demonstrable understanding and experience in delivering service management techniques and tooling in line with ITILv4.
Posted 1 month ago
8.0 - 11.0 years
35 - 37 Lacs
Kolkata, Ahmedabad, Bengaluru
Work from Office
Dear Candidate, We are hiring an IT Risk Analyst to identify, assess, and mitigate risks to the organization's information systems and data. This role supports compliance initiatives and strengthens the IT risk management framework. Key Responsibilities: Conduct IT risk assessments, gap analysis, and control evaluations. Develop mitigation strategies for identified security and compliance risks. Monitor regulatory changes and ensure adherence to frameworks (e.g., NIST, ISO 27001). Prepare risk reports, scorecards, and presentations for stakeholders. Collaborate with audit, security, and IT teams on risk response plans. Required Skills & Qualifications: Experience in IT risk, governance, or audit. Familiarity with frameworks like NIST, COBIT, ISO 27001, and SOX. Analytical skills to evaluate threats, vulnerabilities, and control gaps. Excellent documentation and stakeholder communication abilities. Certifications such as CRISC, CISA, or CISSP are a plus. Soft Skills: Strong troubleshooting and problem-solving skills. Ability to work independently and in a team. Excellent communication and documentation skills. Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Reddy Delivery Manager Integra Technologies
Posted 1 month ago
1.0 - 5.0 years
3 - 7 Lacs
Noida
Work from Office
Req ID: 327248
We are currently seeking an Archer IRM Developer to join our team in Noida, Uttar Pradesh (IN-UP), India (IN).
• Configure and develop solutions for customers on the Archer IRM platform
• Configure and develop integrated solutions for customers using the Archer IRM platform utilizing additional industry standard applications including SSO, web services integrations, import sets and table polling
• Design and configure complex configurations including advanced workflow, questionnaires, layouts, reports, data feeds and data imports, campaigns, dashboards, notifications, package installation and workflows, etc.
• Support and escalate issues and defects related to specific customer environments as required, provide incident support as required
• Perform system and unit testing, document results
• Develop documentation as required, per operational processes
• Follow the engagement model as determined by the engagement manager for projects, as needed
• Follow the standardized project implementation methodology
Posted 1 month ago
10.0 - 20.0 years
15 - 30 Lacs
Mumbai Suburban, Navi Mumbai, Mumbai (All Areas)
Work from Office
10+ yrs exp IT & IT Security Certified in ISO 27001: 2013 Enterprise IT Governance including knowledge of IT risk management and controls Strong power point presentation creation and design Func as SPOC for IT GRC & Audits Team Leading Exp preferable Required Candidate profile Manage establishment of operate & tech decision-making process to ensure IT svc are align to organization priorities & risk appetite Prep sec dashboards with KPIs, sec metrics for CISO presentations Perks and benefits Mediclaim + additional 10% performance bonus
Posted 1 month ago
3.0 - 4.0 years
3 - 7 Lacs
Chennai
Work from Office
BE, B.Tech, MSc (Information Technology), CISA, CISSP, CEH General Description: Candidates must possess hands-on audit experience in IT general controls. As Information Technology Auditor, you will examine, evaluate and verify policies, procedures and internal controls around information systems and networks. Exposure to ISO27001, SSAE16, Vulnerability Assessment and Penetration Testing, Security Technologies is an added advantage. Responsibilities: Timely completion of information technology and information security audits in a manner that is consistent with the professional standards set by Qadit. Adequately analyze and document all information systems and related controls, and develop an appropriate audit program to test the controls identified. Evaluate the adequacy of security and processing controls as they relate to each audit, and the effectiveness of general IT controls in effect in the IT environment. Review the means of safeguarding information assets and monitor ongoing performance metrics established by the IT and Security Departments of clients. Prepare audit work papers according to established corporate guidelines and industry standards, and as applicable create audit reports. Maintain and enhance audit work paper templates. Maintain active communication with clients to manage expectations, ensure satisfaction, make sure deadlines are met, and lead change efforts effectively. Team with partners and senior managers on proposals and business development calls. 1. Conducting vulnerability assessments & penetration testing analyzing related reports. 2. Running VA PT tools 4. IT general computer controls audits Position will be based in Chennai, but will need to travel extensively both within and outside India. Role Summary Support IT audits, risk assessments, and compliance tasks in the IT GRC domain. B.E./B.Tech (CS/IT/ECE), B.Sc/M.Sc (IT/CS), or B.Com/BBA with interest in IT GRC audit. 
Key Skills Basic understanding of ISO 27001 and other security frameworks including SOC 2, GDPR and HIPAA, audits, MS Office; good communication and analytical skills. Pursuing CISA, ISO 27001 Foundation, or DISA is a plus. Not mandatory; freshers are welcome. Hands-on exposure to cybersecurity, compliance, and IS audit under expert guidance. Lead and execute IS audits, risk assessments, and compliance reviews within the GRC framework. Graduate in B.E./B.Tech (CS/IT), B.Sc/M.Sc (IT/CS), or equivalent. Up to 2 years in information security, IT audit, or risk/compliance roles. Strong knowledge of ISO 27001 and other security frameworks including SOC 2, GDPR and HIPAA, ITGC, regulatory frameworks (RBI, SEBI), audit tools, and MS Office. CISA, DISA, ISO 27001 Lead Auditor (preferred). Opportunity to lead audits, enhance GRC maturity, and work with senior stakeholders in a dynamic environment.
Posted 1 month ago
2.0 - 5.0 years
6 - 9 Lacs
Bengaluru
Remote
Opportunity for a remote role. Experienced in GDPR, HIPAA, PCI-DSS, ISO 27001, SOC 2 compliance. Led implementation and maintenance of compliance programs including TPRA. Skilled in IT audit planning, ISO 27001 audits, and reporting.
Posted 1 month ago
3.0 - 5.0 years
4 - 6 Lacs
Mumbai
Work from Office
Hiring GRC Consultant: MNC Client: Mumbai (Powai Location). Required Experience: 3+ Years. Notice Period: Immediate - 1 week. Skills Required: Strong in GRC (Governance, Risk, and Compliance). Strong in ISO 27001, NIST, and Indian regulatory frameworks.
Posted 2 months ago
8.0 - 11.0 years
35 - 37 Lacs
Kolkata, Ahmedabad, Bengaluru
Work from Office
Dear Candidate, We are hiring an IT Security Consultant to help assess, design, and implement robust cybersecurity strategies for clients. Ideal for professionals with deep knowledge of security standards and hands-on defense experience. Key Responsibilities: Conduct security assessments and risk analysis Design and implement security controls, policies, and frameworks Guide clients on compliance with ISO 27001, NIST, SOC2, etc. Lead incident response and security awareness initiatives Required Skills & Qualifications: Experience in network, application, and cloud security Knowledge of IAM, SIEM, firewalls, and encryption Strong consulting, communication, and client-facing skills Bonus: Security certifications (CISSP, CISM, CEH) Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies
Posted 2 months ago
8.0 - 11.0 years
35 - 37 Lacs
Kolkata, Ahmedabad, Bengaluru
Work from Office
Dear Candidate, We are hiring an IT Compliance Analyst to ensure adherence to regulatory standards and internal security policies. Perfect for detail-oriented professionals with a risk and governance mindset. Key Responsibilities: Monitor IT processes for compliance with SOX, GDPR, HIPAA, etc. Conduct audits, risk assessments, and gap analyses Collaborate with security, legal, and IT teams Maintain documentation and support policy enforcement Required Skills & Qualifications: Knowledge of IT compliance frameworks (ISO 27001, NIST, COBIT) Experience with audit processes and risk management Strong communication and analytical skills Bonus: Certification (CISA, CRISC, or similar) Note: If interested, please share your updated resume and preferred time for a discussion. If shortlisted, our HR team will contact you. Kandi Srinivasa Delivery Manager Integra Technologies
Posted 2 months ago
10.0 - 20.0 years
10 - 20 Lacs
Bengaluru
Remote
Job Description: IT GRC Analyst I
Department: Information Technology
Reports To: Senior IT GRC Analyst
Location: 100% Remote
Experience: 10+ Years
Job Summary: We are seeking a dedicated IT GRC (Governance, Risk, and Compliance) Analyst I to join our dynamic IT team. The primary responsibility of this entry-level role is to assist in ensuring that IT operations are in compliance with regulatory requirements and internal policies, with a particular emphasis on supporting Sarbanes-Oxley (SOX) audits. The IT GRC Analyst I will support risk assessments, policy development, compliance monitoring activities, and SOX audit preparations.
Key Responsibilities:
• Assist in the development, implementation, and maintenance of IT policies and procedures.
• Conduct regular risk assessments and audits to ensure compliance with regulatory standards and internal policies, with a focus on SOX controls.
• Support the IT team in identifying, evaluating, and mitigating IT risks.
• Monitor compliance with security policies and procedures to ensure a secure environment.
• Collaborate with different departments to ensure integrated risk management practices.
• Assist in preparing and executing SOX IT control reviews, documenting compliance efforts, and maintaining records of SOX controls.
• Provide support in responding to internal and external SOX audits and regulatory assessments.
• Recommend improvements to SOX controls and processes to enhance the overall security posture.
• Maintain up-to-date documentation of IT GRC activities, compliance reports, and SOX audit evidence.
Qualifications:
• Bachelor's degree in Information Technology, Computer Science, or a related field.
• Basic understanding of IT GRC principles, regulatory requirements, risk management frameworks, and SOX compliance.
• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Ability to work collaboratively in a team environment.
• Basic knowledge of security standards (e.g., ISO 27001, NIST, GDPR, HIPAA) and SOX compliance requirements is a plus.
• Relevant certifications (e.g., CISA, CRISC, CISSP) are desirable but not required for entry-level applicants.
Experience: Entry level; 0-2 years of experience in IT risk management, compliance, or a related field, preferably with exposure to SOX compliance activities.
Posted 2 months ago
4.0 - 9.0 years
7 - 17 Lacs
Pune
Work from Office
Role & responsibilities
1. Conducting and managing IS Audits - Conduct risk assessments, identify control weaknesses, and provide recommendations to strengthen internal controls.
2. Identify and assess risks related to IT operations, cybersecurity, and data management.
3. Monitor the adherence with relevant laws, regulations and best practices with respect to IT systems.
4. Excellent communication and interpersonal abilities.
5. Analytical mindset with attention to detail.
6. Advanced knowledge of audit methodologies and practices.
7. Ability to navigate complex regulatory environments.
8. Collaborate with other departments to ensure a coordinated and integrated approach to risk management and compliance.
9. Stay abreast of industry trends, regulatory changes, and best practices to enhance the internal audit function.
10. Prepare and present detailed audit reports to senior management highlighting key findings and recommendations.
Work closely with assurance function (risk and compliance) and other stakeholders to facilitate audits and examinations.
Preferred candidate profile
• Bachelor's degree in Information Technology, Computer Science, or related field.
• Minimum of 5-7 years of experience in auditing information systems, preferably with BFSI.
• In-depth knowledge of RBI master direction on IT GRC & IT outsourcing.
• Strong understanding of IT governance, risk management, and compliance.
• Excellent analytical and problem-solving skills.
• Ability to work independently and manage multiple audits simultaneously.
• Strong communication and interpersonal skills.
• Proficiency in MS Office is a MUST.
• Experience (5+ years) in IT audit within the Banking / Non-Banking Financial Company (NBFC) sector.
• Experience with auditing ITGC & ITAC controls for BFSI Infrastructure setup & applications
Posted 2 months ago
5.0 - 8.0 years
7 - 10 Lacs
Pune
Work from Office
Job Summary
The Deputy Manager - IT GRC (Governance, Risk, and Compliance) role at ENGIE India is crucial in ensuring the organization's Digital & IT landscape is secure, compliant, and aligned with business objectives. This role involves developing, implementing, and managing IT GRC, risk management, and ensuring compliance with regulations and internal controls. This is an individual contributor role based in Pune, India, with occasional onsite travel to support Digital & IT audits.
Main Objectives
The primary objective is to ensure the IT landscape is secure, compliant, and aligned with business goals. This involves:
• Implementing comprehensive IT GRC strategies.
• Implementing INCOME framework for D&IT function.
• Implementing and managing risk management processes.
• Ensuring adherence to regulations and standards.
• Maintaining Digital & IT internal control requirements.
• Leading the Digital & IT Internal Control and Compliance.
Key Responsibilities
• Audit Preparation and Management: Prepare processes, teams, and documents for internal and external audits. Track and remediate audit observations with corrective and preventive actions.
• Risk Management: Manage and track all technology-related risks for timely closure. Oversee formal risk analysis and self-assessment programs for various systems and processes.
• Compliance: Ensure compliance with privilege access management processes and relevant IT regulations and standards, such as ISO 27001 and NIST CSF.
• Documentation and Communication: Maintain strong documentation and communication skills. Ensure clear communication with stakeholders and effective conflict resolution.
• Implementing Initiatives: Coordinate with various departments to ensure smooth execution and monitor progress.
• Continuous Improvement: Foster a culture of continuous improvement within the IT GRC team.
• Stakeholder Engagement: Engage with key stakeholders, including management and department heads, to ensure IT GRC strategies are well-supported and integrated.
• Conducting Risk Assessments: Oversee comprehensive risk assessments to identify potential risks.
• Developing Mitigation Strategies: Implement controls and safeguards to reduce the likelihood and impact of risks.
• Monitoring and Reporting: Establish effective monitoring mechanisms and regularly report on risk status to management.
• Collaboration with Departments: Work closely with various departments to ensure effective implementation of risk management strategies.
• Adhering to Regulations: Ensure compliance with all relevant IT regulations and standards.
• Implementing Best Practices: Promote the adoption of industry best practices within the organization.
• Internal and External Audits: Conduct regular internal audits and manage relationships with external auditors and regulatory bodies.
• Policy Development: Develop and maintain comprehensive IT GRC policies.
Coordination and Collaboration
• Cross-Departmental Collaboration: Collaborate with various departments to ensure effective implementation of GRC initiatives.
• Stakeholder Communication: Ensure stakeholders are informed about the progress and impact of GRC activities.
• Conflict Resolution: Resolve conflicts that arise during the implementation of GRC initiatives.
• Internal Audits: Conduct internal audits to assess the effectiveness of IT GRC controls and processes.
• Managing External Audits: Ensure the organization is well-prepared for external audits and address any findings promptly.
• Audit Preparation: Lead the preparation for audits to ensure a smooth process.
• Addressing Audit Findings: Develop and implement action plans to resolve audit findings and prevent recurrence.
• Continuous Improvement: Use audit insights to drive continuous improvement in GRC practices.
• Regular Reporting: Provide regular reports on IT GRC activities to management and the board.
• Clear Communication: Ensure GRC-related information is communicated clearly and consistently.
• Training and Awareness: Promote awareness of GRC policies and practices within the organization through training sessions and resources.
Technical Knowledge and Skills
• Understanding IT Systems: Strong understanding of IT systems, including Cloud services, IT-OT convergence, hardware, software, networks, and data management practices.
• Security Principles: Deep understanding of security principles, including encryption and access control.
• Risk Management Frameworks: Familiarity with frameworks such as ISO 31000 and NIST RMF.
• Emerging Technologies: Stay updated on emerging technologies and their impact on IT GRC practices.
• Technical Certifications: Relevant certifications such as CRISC are valuable.
Compliance Knowledge
• Regulatory Requirements: Deep knowledge of relevant regulatory requirements, such as CEA guidelines, Internal Controls (ITGC), IT Act, Indian and global Energy sector compliance, GDPR, HIPAA, and SOX.
• Industry Standards: Familiarity with industry standards like ISO 27001 and NIST CSF.
• Compliance Assessment: Conduct regular compliance assessments and develop comprehensive compliance policies.
• Training and Awareness: Promote awareness of compliance requirements within the organization.
Analytical and Problem-Solving
• Risk Analysis: Conduct formal risk analysis to identify potential vulnerabilities.
• Problem-Solving: Develop and implement effective solutions to mitigate risks.
• Data Analysis: Analyze data to identify trends, assess risks, and make informed decisions.
• Decision-Making: Make informed decisions based on risk and compliance analysis.
• Continuous Improvement: Promote a culture of continuous improvement in GRC practices.
Qualifications and Experience
• Strong background in Information Technology, Cybersecurity, or a related discipline.
• Knowledge of frameworks like ISO 27001, NIST, GDPR, and HIPAA.
• 5-8 years in IT GRC, preferably in the Energy sector.
• Hands-On Experience: Identifying, assessing, and mitigating risks.
Posted 2 months ago