Senior Cybersecurity GRC & VAPT Specialist

12 years

0 Lacs

Posted: 3 weeks ago | Platform: LinkedIn


Work Mode: On-site

Job Type: Full Time

Job Description

Role Overview

We are seeking a seasoned Cybersecurity GRC Specialist to lead and support the organization’s governance, risk, and compliance (GRC) initiatives across our offices, cloud platform and services. The ideal candidate will have deep experience in implementing and maintaining ISO 27001, SOC 2, and PCI DSS, and in managing Vulnerability Assessment & Penetration Testing (VAPT) processes. Additional hands-on knowledge in network security is highly desirable.

Key Responsibilities

Governance, Risk & Compliance (GRC):
- Design, implement, and manage security compliance programs across our on-premise private cloud infrastructure, aligned with ISO 27001, SOC 2, and PCI DSS.
- Conduct risk assessments and control gap analyses, and develop mitigation and risk treatment plans specific to private cloud environments.
- Lead internal compliance readiness efforts and manage external audits, ensuring timely closure of findings and non-conformities.
- Maintain and enhance GRC documentation, including control matrices, risk registers, and compliance reports.
- Support infrastructure hardening and compliance.
- Work closely with DevOps, IT, and infrastructure teams to embed GRC requirements into the platform lifecycle, ensure security-by-design, and collect audit-ready evidence.
- Create or update security policy documents as needed to align with evolving business and compliance requirements.

Vulnerability Assessment & Penetration Testing (VAPT):
- Conduct and coordinate VAPT exercises from the organization's perspective, including hands-on testing of internal applications, systems, and infrastructure.
- Collaborate with internal teams and third-party vendors for broader or specialised assessments as needed.
- Analyse and document findings from vulnerability scans and penetration tests across application, system, and network layers.
- Provide actionable remediation guidance, prioritise risks based on business impact, and work closely with technical teams to drive resolution and secure configurations.

Network & Infrastructure Security (Optional but Preferred):
- Assist in securing network and virtual infrastructure, including firewalls, WAF, proxy, VPN, and segmentation strategies.
- Collaborate with SOC teams on use case development, continuous monitoring, threat detection, and response initiatives.

Required Skills & Qualifications
- Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
- 8–12 years of relevant experience in cybersecurity, with a minimum of 5 years focused on GRC.
- Proven track record managing and sustaining compliance with ISO 27001, SOC 2, and PCI DSS.
- Hands-on experience with VAPT, vulnerability management, and remediation tracking.
- Strong understanding of security control frameworks (NIST CSF, CIS Controls, ISO).
- Effective communicator with experience working across engineering, operations, and executive leadership teams.

Preferred Certifications
- One or more of the following: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor.
- Technical certifications such as CEH, OSCP, or equivalent are a plus.

Company: Neysa