Senior Manager IT Governance Risk and Compliance - Pune

6 - 8 years

15 - 25 Lacs

Posted: 10 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Senior Manager IT Governance, Risk & Compliance (GRC)

Reporting To: Head Information Security

Job Location: Pune

Experience: 6-8 Years

Qualification:

  • Bachelor’s or master’s degree in Information Technology, Computer Science, or Cybersecurity.
  • Preferred certifications: CISA, CRISC, ISO 27001 LA/LI, CISM or equivalent.

Experience Required:

Minimum 6-8 years of experience in IT Governance, Risk Management, and Compliance, preferably within regulated industries such as Pharmaceuticals, BFSI, or Manufacturing.

Position Overview

The Senior Manager IT GRC will be responsible for leading the design, implementation, and continuous improvement of the organization’s IT governance, risk management, and compliance framework. The role involves ensuring alignment with industry standards, managing the policy lifecycle, overseeing risk registers, and tracking compliance status across business units. The candidate will serve as the bridge between the IT Security team, business functions, and internal/external auditors.

Key Roles and Responsibilities

1. Governance and Policy Management

  • Develop, review, and maintain IT and cybersecurity policies, standards, and procedures in alignment with NIST, ISO 27001/27017/27018, and DPDP/GDPR frameworks.
  • Establish a policy lifecycle management process including drafting, approvals, version control, distribution, and periodic review.
  • Ensure all IT and security policies are effectively communicated and acknowledged across the organization.
  • Track and report policy compliance metrics and improvement actions to the CISO.

2. Risk Management

  • Lead the IT Risk Management program, including risk identification, assessment, mitigation planning, and tracking.
  • Maintain and update the Enterprise IT Risk Register and coordinate periodic risk reviews with stakeholders.
  • Perform risk-based assessments for new technologies, vendors, and business initiatives.
  • Support the design and monitoring of Key Risk Indicators (KRIs) and provide timely risk dashboards to leadership.

3. IT Compliance and Assurance

  • Drive compliance with internal policies, regulatory standards, and external audit requirements (e.g., ISO 27001, GDPR, DPDP, NIST).
  • Manage periodic ITGC, data privacy, and cybersecurity compliance assessments across departments and group entities.
  • Coordinate and support internal/external audits, ensuring timely closure of observations and corrective actions.
  • Maintain a centralized compliance tracking dashboard to monitor adherence and progress.

4. Reporting and Governance Support

  • Provide regular reports and dashboards on risk posture, compliance scorecards, and policy adherence for CISO and IT leadership reviews.
  • Support the Information Security Committee meetings by preparing agendas, minutes, and action trackers.
  • Contribute to management reviews and board-level presentations on the status of governance and compliance.

5. Continuous Improvement & Awareness

  • Identify and implement process improvement initiatives to enhance GRC efficiency through automation and analytics.
  • Conduct or support awareness programs and training sessions on risk and compliance for IT and business teams.
  • Collaborate with cross-functional teams (Legal, HR, Finance, Quality, etc.) to ensure enterprise-wide GRC alignment.

Qualifications & Skills

Education:

  • Bachelor’s or master’s degree in Information Technology, Computer Science, or Cybersecurity.
  • Preferred certifications: CISA, CRISC, ISO 27001 LA/LI, CISM or equivalent.

Technical & Professional Skills:

  • Strong understanding of IT governance frameworks (COBIT, NIST, ISO 27001).
  • Proficiency in risk management methodologies and compliance tracking tools.
  • Experience with policy lifecycle management systems and GRC platforms.
  • Excellent communication, stakeholder management, and documentation skills.
  • Analytical mindset with attention to detail and the ability to present complex data clearly.

Key Performance Indicators (KPIs)

  • % of IT policies reviewed and approved within defined timelines.
  • Reduction in high/critical IT risks through mitigation tracking.
  • Compliance audit closure rate and timeliness.
  • Risk and compliance dashboard accuracy and reporting frequency.
  • Awareness and training coverage across employees.

Emcure

Pharmaceuticals

Pune
