Job Description
As a GRC Lead at Ushur in Bangalore, you will be responsible for implementing the GRC charter to enhance the organization's security and compliance posture. Your role will involve collaborating with external consultants, supporting regulatory requirements like CCPA, GDPR, HIPAA, and certifications such as SOC2, HITRUST, ISO 27001, and PCI-DSS. Additionally, you will contribute to product and corporate security hygiene, establish policies and guidelines, and continuously improve GRC processes to align with stakeholders' needs.

**Key Responsibilities:**

- Implement the GRC charter to enhance the organization's security and compliance posture
- Collaborate with external consultants to develop a security mindset within the teams
- Support regulations like CCPA, GDPR, HIPAA, HITRUST, etc.
- Assist in certification and compliance audit activities (e.g., SOC2, HITRUST, ISO 27001, PCI-DSS)
- Contribute to organization security focusing on product and corporate security hygiene
- Establish policies, procedures, and guidelines
- Act as a subject matter expert in security and GRC practices
- Continuously align and improve GRC processes with stakeholders leveraging existing tools and identifying additional requirements

**Qualifications:**

- 8-10 years of IT experience with a minimum of 3 years in security/GRC
- Proficiency in Cloud Concepts, Cloud Security, and SaaS Security
- Experience working in an AWS cloud environment
- Ability to draft policies, procedures, and reports
- Experience with Security Operations (advantageous)
- Familiarity with compliance tasks, assessments, risk management, and audits
- Knowledge of certifications such as SOC2, ISO 27001, PCI DSS
- Understanding of frameworks, regulations, standards, best practices (e.g., NIST CSF, CSA, CIS, HITRUST)
- Prior experience with GRC tools (advantageous)
- DevSecOps/DevOps skills
- Security testing knowledge (SAST, DAST, VAPT)
- Vulnerability management skills
- Knowledge of Data Security, Privacy, and Incident Response processes
- Exposure to control implementation, DR, BCP, Malware campaign, advisory
- Familiarity with EDR, MDR, DLP, endpoint protection tools
- Automation, standardization, templatization skills (advantageous)
- Awareness of industry regulations on security and privacy (e.g., GDPR, CCPA, DPDP)

In this role, you will have the opportunity to work in a great company culture that values diversity, innovation, and personal growth. Ushur offers competitive compensation and benefits, including a values-based environment, flexible leave policies, health benefits, learning opportunities, and a supportive work environment for professional and personal development. Join us at Ushur and be part of a caring, collaborative team dedicated to transforming customer experiences through innovative technology solutions.