Senior Manager – Cybersecurity (CISSP, GRC & Risk Assessment)

Job Title-Senior Manager – Cybersecurity (CISSP, GRC & Risk Assessment)

Experience-8-10Years.

Location-Pune.

Key Responsibilities:

Lead the development and execution of the organization’s Cybersecurity GRC framework.

Conduct comprehensive cyber risk assessments, threat modeling, and impact analyses for critical systems and processes.

Define and maintain security policies, standards, and procedures aligned with industry best practices and regulatory requirements (ISO 27001, NIST, GDPR, HIPAA, etc.).

Manage internal and external cybersecurity audits and ensure closure of findings and action items.

Work closely with business and IT stakeholders to drive cyber risk mitigation plans and ensure alignment with risk appetite.

Develop executive-level reports, dashboards, and KPIs on cyber risk posture and GRC performance.

Oversee vendor risk assessments and third-party cybersecurity due diligence.

Provide guidance on compliance with data privacy, regulatory, and legal obligations.

Ensure incident response readiness and participate in tabletop exercises and investigations.

Support training and awareness programs across the enterprise to strengthen the cyber risk culture.

Required Skills & Qualifications:

8+ years of experience in Cybersecurity, with at least 4 years in GRC or Risk Management leadership roles.

CISSP certification is mandatory; additional certifications like CISA, CISM, CRISC, ISO 27001 LA are a plus.

Strong understanding of cybersecurity principles, frameworks, and standards (NIST CSF, ISO 27001, COBIT, PCI-DSS, etc.).

Deep expertise in risk assessment methodologies (OCTAVE, FAIR, etc.).

Experience with GRC platforms like RSA Archer, ServiceNow GRC, MetricStream, etc.

Familiarity with data protection regulations (GDPR, HIPAA, SOX, etc.).

Strong analytical, leadership, and communication skills to engage with executive stakeholders.