
4 ITGRC Jobs

JobPe aggregates results for easy application access, but you actually apply on the job portal directly.

7 - 12 years

15 - 30 Lacs

Bengaluru, Bangalore Rural

Hybrid


Job Requirements

- Design and execute the day-to-day activities of Information Technology (IT) audit engagements, with a focus on strategic, operational and regulatory/compliance related risks
- Plan activities related to development of audit program, and execution of internal audits and IT control assessments in the following areas: cybersecurity, IT strategy and governance, IT operations, business continuity and disaster recovery, network and infrastructure security, cloud and third party risk, programs and projects, automation, General Information Technology Controls (GITCs) and application controls, and regulatory/compliance requirements
- Review clients' processes and controls against leading practice and industry frameworks, identify gaps in design and execution, and communicate issues and recommendations to engagement leads and client management
- Contribute to IT Audit knowledge base and internal practice development initiatives
- Supervise and provide performance management for IT audit staff working on assigned engagements
- Write and present clear and concise reports and presentations containing meaningful observations and recommendations to clients, and document procedures performed and conclusions reached related to projects
- Support proposal and business development activities by assisting in the identification of new target clients, building business relationships with key executives, and developing/presenting proposals
- Provide oversight and leadership to team members regarding deliverables, project plans, and performance management while contributing to industry and regulatory publications, writing professional and thought leadership articles, and speaking at related conferences and seminars

Mandatory technical & functional skills

- Bachelor's degree in an appropriate field from an accredited college/university; Master's degree from an accredited college/university is preferred
- Prior knowledge leading and executing risk-based IT-related internal audits and/or risk and control assessments, leveraging IT governance and control frameworks such as COBIT, NIST CSF, NIST 800-53, and ITIL and proficiency in core requirements and methodologies for SOX internal control programs
- Experience with IT Risk Management and three lines of defense frameworks
- CISA, PMP, CISSP or CRISC certification is preferred

Key behavioral attributes/requirements

- Ability to work well independently as well as part of a team
- Driven and enthusiastic with a can-do attitude and a strong sense of ownership to get the job done in a pragmatic fashion

Posted 1 month ago


6 - 11 years

15 - 30 Lacs

Delhi NCR, Delhi, Gurgaon

Work from Office


Job description

Role: Information Security GRC - Lead
Experience: 6+ years (Relevant)
Location: Gurgaon
Work Mode: WFO

Role & responsibilities

- Global Standards ISO 27001, 22301 and Control Testing (ITGC): Understand Compliance Assessment requirements in line to global security standards. Ability to validate effectiveness of controls implemented.
- Regulatory Compliance and Reporting Exposure: Understand Regulatory and Business requirement and drive the Information security compliance requirements in line to the same. E.g. RBI, CERT-IN, IRDAI, Global Regulations
- 3rd Party Vendor Risk Assessment: Understand Business requirement and drive the Information security compliance requirements in line to the same
- Training & Development: Skills for managing training implementation w.r.t. InfoSec, Aadhar to bank employees.
- Security KPIs and KRIs: Identify the KPIs for different various Information security deliverables and document matrices for effectiveness measurement.
- Understanding of Security Technologies: Understanding of Security Tools and Devices such as Firewall, IDS, DDoS, SIEM etc.
- Project Management Skills: Skills for managing complex project implementation, stakeholder and senior management briefings.
- Soft Skills: Candidate should be able to understand the questions & express their answers/thoughts precisely with confidence.
- Other desirable Skills: Documentation, Managing Auditors, Led by Example

Qualification: Preferred candidate profile

- 6+ years of Experience with GRC, Cyber Security & RBI regulatory Experience performing information security audits or risk assessments
- Familiarity with security auditing processes
- Must be familiar with dashboard creation and proficiency with Microsoft Windows software programs, MRI experience a plus
- Indian Banking exp preferred
- Must be handling a team

If interested share your cv at aishwarya@beanhr.com

Posted 2 months ago


10 - 15 years

37 - 45 Lacs

Mumbai

Work from Office


ROLE SUMMARY: The Associate Director of Technology Risk Advisory (TRA) will lead and oversee the development and growth of a high-performing Technology Risk Advisory practice. The role involves strategic planning, team building, client engagement, and service delivery while ensuring excellence in Cybersecurity, Governance, Risk, and Compliance (GRC), Technology Operations (TechOps), Security Operations (SecOps), and Global Privacy Regulations. This leader will focus on delivering client-centric solutions and building a robust practice.

JOB DESCRIPTION:

Practice Management: Operations: Develop a strategic roadmap to build and scale the Technology Risk Advisory practice. Design service offerings in Cybersecurity GRC, TechOps, SecOps, and Privacy Advisory. Establish robust frameworks, methodologies, and tools for delivering advisory services. Develop and implement cybersecurity frameworks based on ISO 27001, NIST CSF, COBIT, and other standards. Guide security operations, including SIEM, threat intelligence, and incident response. Offer advisory on technology operations, including IT infrastructure optimization and DevSecOps integration. Ensure compliance with global privacy regulations (GDPR, CCPA, HIPAA, etc.). Design privacy programs, data protection mechanisms, and compliance monitoring systems. Maintain a strong understanding of emerging regulations and their impact on clients. Sign off on client cybersecurity strategies, encompassing threat management, incident response planning, business continuity, and disaster recovery. Ensure the effective execution of multiple projects simultaneously, adhering to project timelines, scope, and budget requirements.

Profitability/Revenue Management: Increase topline revenue for the Practice as per predefined goals, while maintaining the practice gross margin. Budget management & optimization. Take responsibility for the IT Governance, Risk Management and Compliance budget. Business Relationship Management for IT Governance and Risk - this role will be a critical interface between the Firm's Leadership and the TRA team and will be required to present to the Leadership and the Executive teams periodically. Identify, prioritize, define and refine the Information Security strategy through the evaluation of new approaches and solutions in collaboration with the Managing Committee.

Sales & Marketing Support: Drive growth through business development, partnerships, and client acquisition strategies. Identify market trends and position the practice as a thought leader in the industry. Develop marketing strategies, including whitepapers, webinars, and industry events. Support the Sales teams for deal closures. Create visibility for the practice on various platforms and among a larger network. Provide technical support to the sales & marketing team on practice service verticals. Support the business development process, including proposal development, client pitches, and contribution to marketing efforts. Development of the Practice and promotion of the Firm's brand name via articles in publications, regular update management for clients, speaker at seminars, etc.

People Management: Ensure that personal and team objectives and strategy are aligned to departmental and organizational goals, and actively tracked and reported on across the year. Build and manage a team including recruitment, appraisals, developing training material, providing training to team members, and technically guiding the teams in completing their assigned deliverables. Review of efficient and effective planning, selection and team management of all resources throughout the year including temporary resource redeployment within team/with other departments. Build and mentor a high-performing team with a blend of technical and advisory expertise. Retention of existing employees and measurable attrition management. Address issues at emotional/infrastructural level at work being faced by teams, take responsibility for team building and career development of the team. Identify training needs of teams and assist in skill building wherever required. Ensure strategic resource planning, coupled to long term forecasting via the Annual Business Plan and 3/5 year plans, and in collaboration with HR. Succession planning for all critical roles within the team.

Client Management & Quality:

Client Management: Act as a trusted advisor to clients, providing expert insights into technology risk management. Develop solutions aligned with client needs, industry standards, and regulatory requirements. Drive impactful outcomes, engage with senior client stakeholders, including CXOs and board members. Serve as the primary point of contact for key clients, managing expectations, building long-term relationships, and understanding their evolving technology risk needs. Provide thought leadership and expert guidance to clients on industry trends, regulatory developments, and emerging cybersecurity threats. Be part of critical client presentations and discussions to communicate project outcomes, cybersecurity vulnerabilities, and remediation strategies in a clear and actionable manner. Proactively identify opportunities to expand service offerings and assist clients in achieving their cybersecurity objectives. Manage current and developing new relationships and alliances.

Quality: Maintain quality across all projects and seek active feedback on the same from all internal/external stakeholders.

DESIRED CANDIDATE PROFILE: To be tailor-fit for the above skillsets, you need to have the following.

Qualifications: Bachelor's/Master's degree in computer science, Information Security, or a related field. Professional certifications (CISSP, CISM, CRISC, CISA, or equivalent). Advanced certifications in privacy (CIPM, CIPT, or equivalent) preferred.

Experience: 12-14 years of experience in Cybersecurity GRC, TechOps, and SecOps, with at least 5 years in a leadership role. Proven track record of building and scaling advisory practices, preferably in a global context. Intermediate knowledge of global privacy regulations and related compliance requirements. Experience in performing/overseeing IT audits, control assessments, and developing cybersecurity strategies and risk management frameworks. Knowledge of ethical hacking techniques, threat modelling, and exploitation of security vulnerabilities. Prior business development, sales, client management and practice management experience. Experience of handling a large client portfolio with a strong professional network/presence. Strong experience in leading large teams and managing complex client engagements.

Skills: Advanced expertise in Cybersecurity frameworks, risk management, and operational security. Deep understanding of regulatory environments and privacy laws globally. Excellent leadership, communication, and stakeholder management skills. Strong business acumen, with the ability to identify and capitalize on market opportunities. In-depth knowledge of IT Governance, Risk, and Compliance (ITGRC) frameworks such as ISO 27001, NIST, COBIT, PCI DSS, and GDPR.

Posted 3 months ago


4 - 8 years

14 - 24 Lacs

Thane, Mumbai (All Areas)

Work from Office


Role & responsibilities

Job Title: Assistant Manager - Information Security/ IT GRC
Base Location: Thane/ Mumbai
Employment Type: Full-Time
Reporting To: Partner

Job Summary: KVAT & Co is seeking a highly skilled and experienced Information Security Lead for its Governance, Risk, and Compliance Technology (GRC-T) practice. The ideal candidate will be responsible for executing and leading Information Security, Cybersecurity, and Data Privacy projects, ensuring compliance with regulatory standards, and providing strategic guidance to clients. This is a client-facing role requiring strong executive presence, leadership abilities, and technical expertise in the domain. The candidate should be able to independently manage projects and lead client engagements.

Key Responsibilities:

1. Cybersecurity & Information Security Assessments and IT Audits: Conduct comprehensive cybersecurity reviews and IT Audits for clients. Perform gap assessments against leading security frameworks (ISO 27001, NIST, CIS, etc.). Evaluate existing information security controls and recommend remediation measures.

2. Security Implementation & Monitoring: Act as an implementation partner for information security controls and frameworks. Oversee and monitor the implementation process to ensure adherence to industry best practices. Support organizations in achieving compliance with regulatory frameworks (RBI, IRDAI, SEBI, GDPR, DPDP, etc.).

3. Policy Drafting & IT Risk Management: Develop and draft information security policies for clients as per industry standards. Conduct IT risk assessments to identify vulnerabilities and threats. Develop risk mitigation strategies to enhance IT governance frameworks.

4. Security Testing & Third-Party Risk Assessments: Provide support in vulnerability assessments & penetration testing (VAPT). Conduct third-party IT risk assessments and vendor information security reviews.

5. Data Privacy & Regulatory Compliance: Assist in GDPR compliance assessments and implementation projects. In-depth understanding of DPDP (Digital Personal Data Protection) framework and Indian data privacy laws. Stay updated with IRDAI, RBI, SEBI master circulars, and cybersecurity regulations to ensure compliance.

6. Client & Team Management: Serve as a point of contact for clients on information security project execution. Conduct awareness sessions for clients. Assist in presentations for clients.

7. Business Development & Stakeholder Engagement: Develop decks, case study-based proposals, and service presentations. Present service offerings and project-based case studies to prospective clients. Lead discussions with CXOs, CIOs, and other senior stakeholders on cybersecurity matters.

Key Skills & Competencies:

- Technical Expertise: Strong knowledge of cybersecurity frameworks, risk management, and IT governance.
- Regulatory Understanding: Hands-on experience with GDPR, DPDP, RBI, IRDAI, SEBI cybersecurity guidelines.
- Communication & Presentation: Ability to clearly articulate cybersecurity strategies and deliver high-impact presentations to clients.
- Leadership & Client Handling: Prior experience in a client-facing role with the ability to manage projects independently.
- Report Writing & Documentation: Strong reporting, policy drafting, and technical documentation skills.
- Project Management: Ability to plan, execute, and ensure timely delivery of IT GRC projects.
- Business Acumen: Experience in service pitching, proposal drafting, and stakeholder engagement.

Required Qualifications & Experience:

- Educational Background: Bachelors in related fields. Any additional certifications will serve as an added advantage.
- Experience: 5+ years of experience in Information Security, Cybersecurity, and IT GRC domains. Proven track record of handling projects independently and client interactions. Prior experience in consulting firms or IT security advisory firms is an added advantage. Consulting experience preferred.

CTC: As per industry standards and experience

Why Join KVAT & Co?

- Opportunity to lead the projects
- High visibility role with direct client exposure and impact.
- Work on diverse industry sectors, handling cutting-edge cybersecurity projects.
- Collaborative and growth-oriented work environment.

Application Process: Interested candidates can share their resume at hr@kvatco.co.in with the subject line “Application for Information Security Lead – IT GRC”.

Posted 3 months ago
