Manager - Risk Management - Cyber Strategy & Transformation

• Lead the design and implementation of enterprise-wide GRC (Governance, Risk, and Compliance) strategies leveraging globally recognized frameworks such as ISO 27001, NIST CSF, COBIT, COSO, and others to support the organization s cybersecurity objectives and regulatory mandates.
• Provide strategic oversight and direction to GRC teams, ensuring seamless execution of compliance initiatives, risk programs, and security governance activities across multiple geographies or business units.
• Drive end-to-end program management for large-scale GRC engagements, including risk assessments, compliance audits, and policy development, while ensuring alignment with organizational objectives and evolving regulatory landscapes.
• Lead cross-functional teams and manage stakeholders across cybersecurity, legal, internal audit, compliance, IT operations, and business leadership to embed a risk-aware culture and drive secure business outcomes.
• Supervise and guide the development and continuous improvement of information security policies, procedures, and control standards, ensuring compliance with applicable regulations (e.g., SOX, GDPR, HIPAA, PCI-DSS, India DPDP, DORA, SEC cyber disclosure).
• Lead and mature the enterprise risk management function by conducting risk assessments, maintaining the risk register, tracking KRIs, and ensuring timely risk remediation and reporting to senior leadership and board-level committees.
• Own third-party risk management (TPRM) processes, including the establishment of frameworks for due diligence, vendor assessments, contract reviews, and periodic reassessments.
• Oversee internal and external cybersecurity audits, including planning, scoping, control testing, evidence collection, stakeholder management, issue remediation, and audit closure reporting.
• Serve as a GRC subject matter expert (SME) during high-impact organizational events such as cloud migrations, MA activities, or implementation of new technologies.
• Develop and present executive-level dashboards, risk heatmaps, compliance KPIs, and board reporting, ensuring visibility of key risks and control effectiveness.
• Drive proposal development, client presentations, and responses to RFPs/RFIs, contributing to business development efforts, solution shaping, and capability showcasing in collaboration with pursuit teams.
• Manage and optimize GRC platforms and tools such as RSA Archer, ServiceNow GRC, or MetricStream, ensuring system accuracy, process automation, and enhanced user experience.
• Interpret and advise leadership on emerging cybersecurity regulations, providing impact assessments, compliance roadmaps, and strategic recommendations.
• Mentor and grow high-performing GRC teams, fostering a collaborative environment, promoting continuous learning, and providing career development guidance to team members.
• Promote enterprise-wide risk awareness through structured awareness campaigns, leadership workshops, and training sessions for business and technology teams.

• bachelors degree in information technology, Computer Science, Cybersecurity, or related discipline; advanced degrees or certifications (e.g., CISA, CRISC, CISSP, ISO 27001 LA/LI) preferred.
• 8 14 years of progressive experience in information security, GRC, cybersecurity risk management, or IT audit, including 3 5 years in a leadership or client-facing role.
• Strong expertise in implementing and managing IT and security control frameworks (e.g., NIST, ISO 27001, COBIT, COSO, ITIL).
• Proven experience navigating Indian and global cybersecurity regulations and translating regulatory requirements into actionable security programs.
• Experience in developing and responding to RFPs, participating in pre-sales engagements, and building client relationships.
• Excellent stakeholder management, communication, and presentation skills with the ability to influence senior leadership and board members.
• Demonstrated ability to lead and mentor teams, manage cross-functional projects, and deliver high-quality outcomes under tight deadlines.
• Experience of the use of GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream) and tools for risk management and compliance reporting.

Primary Skills:

• GRC Framework Implementation

  ISO 27001, NIST CSF, COBIT, COSO

• Enterprise Risk Management (ERM)

  Risk assessments, risk register, KRIs

• Regulatory Compliance Management

  SOX, GDPR, HIPAA, PCI DSS, DPDP, DORA, SEC Cyber

• Information Security Policies Procedures

  Design, implementation, and governance

• Internal External Audit Management

  Audit lifecycle, remediation, reporting

• Third-Party Risk Management (TPRM)

  Vendor due diligence, assessments, contracts

• Team Leadership Mentoring

  Leading GRC teams and nurturing talent

• GRC Tools Expertise

  RSA Archer, ServiceNow GRC, MetricStream

• Executive Board Reporting

  Dashboards, risk heatmaps, strategic insights

• Proposal Development RFP/RFI Response

  Business development support

• Stakeholder Cross-functional Engagement

  Cyber, IT, legal, audit, business

• Program Project Management

  End-to-end GRC initiative execution

• Cybersecurity Awareness Programs Designing and delivering awareness initiatives
• Change Management Embedding risk-aware culture and process transformation
• Business Continuity Disaster Recovery (BC/DR) Alignment with GRC objectives
• Cloud Security Governance Risk and compliance during cloud transformations
• Data Privacy Governance Interpretation and implementation of privacy frameworks
• ITIL Framework Knowledge IT operations and service management alignment
• Crisis Incident Management Support Advisory role during breaches or simulations