
2 ITGC Reviews Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

3.0 - 6.0 years

0 Lacs

mumbai, maharashtra, india

On-site

Job Description: Senior GRC Analyst
Location: Mumbai, India
Department: Information Security, Risk & Compliance
Reports To: CISO

About Si Creva Capital Services

Si Creva Capital Services Pvt. Ltd. is a leading NBFC engaged in digital lending, supported by OnEMI Technology Solutions as its Lending Service Provider. With a strong focus on compliance, operational resilience, and customer trust, we are ISO 27001 and SOC 2 compliant and adhere to RBI's Master Directions on IT Outsourcing, Digital Lending, and other regulatory frameworks.

Role Overview

The Senior GRC Analyst will play a key role in strengthening the Governance, Risk, and Compliance (GRC) function at Si Creva. The individual will oversee compliance with regulatory frameworks (RBI Digital Lending Directions, IT Outsourcing Directions, DPDP Act, ISO 27001, SOC 2), conduct risk assessments, manage audits, and enhance our security and compliance posture. This role requires strong analytical skills, regulatory knowledge, and the ability to coordinate with multiple stakeholders (tech, business, legal, and third-party vendors) to ensure a robust risk management framework.

Key Responsibilities

Governance & Compliance: Ensure compliance with RBI Master Directions on IT Outsourcing, Digital Lending, and Cybersecurity for NBFCs. Maintain and update internal policies (Information Security, Data Privacy, BCP-DR, Access Control, Asset Management, etc.) aligned with ISO 27001 & SOC 2. Support implementation and compliance with the Digital Personal Data Protection (DPDP) Act, 2023. Conduct periodic compliance reviews of internal processes and third-party vendors.

Risk Management: Perform Risk Assessments, Risk Treatment Plans, and Risk Registers across information assets, applications, and third-party relationships. Map risks to Confidentiality, Integrity, and Availability (CIA) and criticality of assets. Monitor and report on Key Risk Indicators (KRIs) and prepare dashboards for management review. Support enterprise-wide IT and Operational Risk Management Frameworks.

Audit & Assurance: Coordinate and manage internal and external audits (ITGC, VAPT, SOC 2, ISO 27001 surveillance, statutory audits). Prepare and maintain evidence for AWS Artifact, vendor attestations, bridging letters, and regulatory inspections. Draft and track management responses to audit observations. Drive closure of non-compliance findings and report status to senior management.

Third-Party Risk Management: Conduct vendor due diligence and periodic security assessments of LSPs, DLAs, and technology partners. Ensure outsourcing agreements contain information security and data privacy clauses as mandated by RBI. Track and monitor vendor compliance (penetration test reports, data localization attestations, certifications).

Business Continuity & Incident Management: Support BCP/DR drills (AWS Mumbai as Primary, Hyderabad as DR site, RPO 0, RTO 60 min). Participate in Incident Response handling, root cause analysis, and regulatory reporting. Maintain playbooks for Crisis Management, Data Breach Notifications, and CERT-In coordination.

Qualifications & Skills

Education & Certifications: Bachelor's degree in Information Security, Computer Science, or related field. Preferred certifications: ISO 27001 LA, CISA, CISM, CISSP, CCSK, or RBI Cybersecurity Framework knowledge.

Experience: 3-6 years of experience in Information Security / GRC / Risk / Compliance within BFSI, NBFC, or Fintech sector. Strong understanding of regulatory frameworks (RBI, DPDP Act, IT Act, SPDI Rules, PCI-DSS optional). Hands-on experience in ISO 27001, SOC 2 audits, vendor risk management, and ITGC reviews.

Core Competencies: Strong knowledge of AWS security controls (IAM, encryption, CloudWatch, GuardDuty, Macie). Excellent skills in audit management, risk assessments, and policy documentation. Strong interpersonal and communication skills for working with auditors, regulators, and internal teams. Analytical thinker with ability to interpret regulations into actionable controls.

What We Offer

Exposure to a dynamic and fast-growing digital lending ecosystem. Opportunities to work on growing compliance and data protection frameworks. Collaborative work environment with focus on professional growth and certifications.

Posted 6 days ago


1.0 - 5.0 years

0 Lacs

karnataka

On-site

As an Internal Auditor at Justdial Ltd in Bangalore, you will be responsible for projects in IT Advisory focusing on the assessment and evaluation of IT systems, along with the mitigation of IT-related business risks. Your role will involve IS audit, ITGC reviews, internal audit engagements, IT infrastructure review, and risk advisory, including supporting IT audit activities.

Your responsibilities will include coordinating and managing statutory external audits for SOX (ITGC), providing management reports by collecting and analyzing audit information, conducting ISMS security awareness training programs within the organization, and supporting the Information Security Manager in managing and mitigating risk assessments. You will also be involved in implementing ISO 27001 controls across the organization, conducting risk assessments and gap analyses for ISO 27001/IT General Control, and performing internal audits for various business functions.

Additionally, you will conduct data center audits as per ISO 27001 standards, develop and review information security policies and procedures, handle end-to-end ITGC statutory audit requirements, assist in implementing ISO 27001:2013 and managing the ISMS, and consult the organization on business continuity for critical functions. You will also be involved in implementing and consulting on PCI DSS SAQ A-EP certification.

The ideal candidate for this role should have a bachelor's degree in engineering or BSc-IT, experience in performing IT audits of banking/financial sector applications, and knowledge of IT regulations, standards, and benchmarks used by the IT industry (e.g., NIST, PCI-DSS, ISO 27001). Technical knowledge of IT audit tools, experience in carrying out OS/DB/Network reviews, exposure to risk management and governance frameworks/systems, and proficiency in project management, communication, and presentation skills are essential.

Being a team player with strong self-directed work habits, initiative, drive, creativity, maturity, self-assurance, and professionalism is crucial for success in this role. Preferred certifications include CISA, CISSP, ISO 27001 Lead Auditor/Implementer, and CISM. Proficiency with Microsoft Word, Excel, Visio, and other MS Office tools is also required.

Posted 1 month ago
