Posted: 1 week ago
On-site
Full Time
We are seeking an experienced IS GRC lead to drive governance, risk management, and compliance initiatives in alignment with the regulatory landscape of the Indian Fintech sector. This role is responsible for leading the second line of defence in our security governance model. The candidate should have deep knowledge of RBI guidelines, IRDAI, CERT-IN, and other applicable Indian IT and cyber security regulations. The role will serve as a key interface between Information Security, Risk Management, and Business stakeholders to ensure effective policy implementation, regulatory compliance, and risk mitigation.

Responsibilities
Conduct IT risk assessments and drive risk remediation plans.
Maintain and operate risk registers and track issues and exceptions across IT and security domains.
Collaborate with Business Continuity and Disaster Recovery teams to ensure compliance with regulatory expectations.
Design and lead the Vendor Risk Management (VRM) framework in compliance with RBI outsourcing guidelines and third-party risk management standards.
Perform third-party/vendor risk assessments, due diligence, and periodic reviews, including for cloud and fintech partners.
Monitor and report on vendor risks, concentration risk, exit strategies, and data handling practices.
Develop, update, and maintain IS policies, standards, and procedures in line with regulatory frameworks and standards such as ISO 27001, ISO 22301, and ISO 20001.
Establish IT GRC frameworks to monitor compliance and improve control effectiveness.
Design and implement common internal control frameworks to support various standard requirements and other overlapping regulatory requirements.
Drive the automation of compliance monitoring and evidence collection using GRC tools.
Collaborate with IT and InfoSec teams to integrate compliance checks into CI/CD pipelines and cloud infrastructure.
Develop dashboards and automated workflows for real-time compliance tracking and reporting.
Requirements
Bachelor's degree in Information Technology, Computer Science, or a related field.
Professional certifications such as CISA, CRISC, PCI DSS, ISO 27001 LA, or CISSP preferred.
8+ years of experience in GRC roles, preferably in the fintech domain.
In-depth knowledge of RBI regulations and cybersecurity regulations, and exposure to CERT-IN, DPDP, IRDAI, RBI CSF, etc.
Strong understanding of cybersecurity governance, risk management frameworks (e.g., NIST RMF), and control libraries.
Proven experience leading audits and managing regulatory engagements.
Familiarity with GRC platforms (Scrut, UpGuard, Archer, etc.).

This job was posted by Debapti Roy from mPokket.
Bengaluru, Karnataka, India
Salary: Not disclosed