Senior Manager - GRC & BCMS

Job Title: Senior Manager GRC & BCMS

Location: Juinagar, Mindspace

Role Summary

We are seeking a seasoned and strategic professional with 12–16 years of progressive experience in Governance, Risk & Compliance (GRC), with demonstrable expertise in Business Continuity Management Systems (BCMS), cybersecurity risk posture assessments and regulatory frameworks. This role is pivotal in driving enterprise-wide risk mitigation, regulatory compliance, operational resilience and security awareness through robust governance structures and proactive risk management.

Key Responsibilities

Governance, Risk & Compliance (GRC)

• Design, implement and maintain the organization’s GRC framework in alignment with global standards (e.g., ISO 27001, DPDP act).
• Lead enterprise risk assessments, control testing and mitigation strategies across business units.
• Oversee Third-Party Risk Management (TPRM) processes, including vendor assessments and due diligence.
• Review and update security policies, procedures and standards to ensure regulatory alignment and operational relevance.
• Collaborate with internal audit, legal, IT security and business teams to ensure integrated risk management.
• Prepare executive-level dashboards and reports for senior leadership and board committees.
• Conduct Cybersecurity Risk Posture Assessments and recommend remediation strategies.

Business Continuity Management System (BCMS)

• Lead the development and implementation of BCMS aligned with ISO 22301 standards.
• Conduct Business Impact Analysis (BIA) and risk assessments to identify critical functions and dependencies.
• Develop, maintain and test business continuity and disaster recovery plans.
• Facilitate simulation exercises, post-incident reviews and continuous improvement initiatives.
• Ensure BCMS integration with IT disaster recovery, crisis management and emergency response protocols.
• Engage with external stakeholders, regulators and auditors to demonstrate BCMS maturity and readiness.

Information Security Awareness & Identity Management

• Design and deliver organization-wide information security awareness sessions and campaigns.
• Create engaging awareness content, presentations and training materials tailored to various audiences.
• Oversee Identity and Access Management (IDAM) and User Access Management (UAM) processes, including access provisioning, recertification and governance.
• Support CERT-In audits and ensure timely compliance with national cybersecurity directives.

Qualifications & Experience

• Bachelor’s or master’s degree in Risk Management, Business Administration, Information Security, or related field.
• 12–16 years of progressive experience in GRC, risk management, or compliance roles.
• Proven hands-on experience in designing, implementing and managing BCMS programs.
• Experience conducting security awareness programs and managing IDAM/UAM frameworks.
• Professional certifications preferred: ISO 22301 Lead Implementer, ISO 27001 Lead Auditor, CRISC, CISA, CBCP.

Skills & Competencies

• Deep understanding of risk management frameworks, regulatory compliance and business continuity principles.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication, presentation and stakeholder engagement capabilities.
• Ability to lead cross-functional teams and drive change in complex environments.
• High integrity, strategic mindset and resilience under pressure.

Tools & Technologies

• GRC platforms (e.g., RSA Archer, MetricStream, ServiceNow GRC)
• Business continuity planning tools (e.g Fusion Framework, ClearView)
• Risk assessment and audit tools
• Identity governance tools (e.g., ForgeRock Identity Platform, SailPoint, Saviynt, or equivalent)
• Microsoft Office Suite, Power BI, SharePoint