Senior GRC Specialist

Job Title: GRC Specialist / Senior GRC Specialist

Experience Required: 4-8 years

Location: Noida

Employment Type: Full-Time

About the Role

GRC Specialist will be responsible for driving and maintaining the Magicbricks Governance,

Risk, and Compliance (GRC) programs in alignment with global standards and corporate

security objectives. The ideal candidate will bring deep expertise in implementing and

managing frameworks such as ISO-27001, SOC-2, DPDPA, and related regulatory

requirements, while ensuring strong operational execution of day-to-day GRC activities.

This role will act as a key liaison between the Head of security, internal teams, auditors, and

regulatory bodies, ensuring that governance and compliance objectives are achieved

efficiently and consistently.

Key Responsibilities

Governance & Policy Management

• Develop, maintain, and enhance information security and compliance policies,

standards, and procedures.

• Ensure alignment of governance practices with business objectives, security strategy, and regulatory obligations.

• Facilitate periodic reviews and updates of GRC frameworks and documentation.

• Support in defining key governance metrics, KRIs, and compliance KPIs for executive reporting.

Risk Management

• Perform and manage periodic enterprise and IT risk assessments.

• Maintain the corporate risk register and ensure timely mitigation and tracking of identified risks.

• Collaborate with business and technology teams to evaluate new initiatives for security and compliance risks.

• Support the development of risk treatment plans and monitor effectiveness of controls.

Compliance & Audit Management:

• Lead and coordinate internal and external audits including ISO 27001 certification,SOC-2 Type I/II assessments, DPDA compliance reviews, and other applicable frameworks.

• Manage end-to-end audit processes: evidence collection, control validation, gap remediation, and audit readiness.

• Maintain audit documentation, control library, and compliance dashboards.

• Serve as the primary point of contact for external auditors and certification bodies.

• Monitor regulatory developments and assess their potential impact on organizational compliance posture.

Operational GRC Responsibilities

• Conduct periodic control testing, compliance monitoring, and policy adherence checks.

• Support vendor risk management activities including due diligence and third-party security assessments.

• Coordinate security awareness initiatives to enhance compliance culture across the organization.

• Prepare and deliver GRC performance and compliance reports to the leadership.

Required Qualifications

• Bachelors degree in information security, Computer Science, Information Systems,or related field.

• 4-8 years of progressive experience in Information Security, GRC, or Audit Management functions.

• Proven experience in managing or leading ISO 27001, SOC-2, and Data Privacy audit programs.

• Strong understanding of information security controls, risk management methodologies, and regulatory compliance.

• Experience with security control frameworks such as NIST CSF, CIS Controls, COBIT,or similar.

• Excellent analytical, documentation, and stakeholder management skills.

• Working knowledge of GRC tools and platforms.

Personal Attributes

• High attention to detail and commitment to accuracy.

• Excellent interpersonal and communication skills across technical and business stakeholders.

• Ability to manage multiple audits, assessments, and compliance initiatives simultaneously.

• Proactive, organized, and capable of operating in a structured enterprise environment.

• Demonstrates integrity, confidentiality, and a strong sense of professional ethics.