Job Description
Role Title: Information Security and Data Privacy GRC Professional
Team: Information Security
Location: Gurgaon/Bangalore
Reports To: CISO

About the Role:
We are looking for experienced professionals in Information Security and Data Privacy Governance, Risk, and Compliance (GRC) to join our team. The ideal candidate will possess a deep understanding of information security frameworks, risk management practices, and data privacy regulations. This role requires a hands-on, proactive approach to ensuring that our organization's security and privacy standards align with both internal policies and external regulations. In this role, you will be responsible for designing and implementing GRC strategies, managing security audits, and ensuring compliance with data protection regulations, while working closely with cross-functional teams.

What You'll Do:

Governance, Risk, and Compliance (GRC):
Develop, implement, and maintain GRC strategies, policies, and frameworks across the organization.
Conduct risk assessments, including vendor, third-party, and internal assessments, to identify and mitigate information security and privacy risks.
Ensure compliance with industry standards and regulations such as GDPR, HIPAA, ISO 27001, SOC 2, and PCI DSS.
Monitor and manage the organization's compliance with internal and external security and privacy policies.
Facilitate internal and external audits and assessments, providing the necessary documentation and support.

Data Privacy:
Oversee data privacy initiatives, including data classification, data governance, and privacy impact assessments (PIAs).
Implement and maintain privacy policies, ensuring adherence to global regulations such as GDPR, CCPA, and other regional data protection laws.
Serve as the subject matter expert for data privacy issues and collaborate with legal teams to address regulatory inquiries.

Risk Management:
Identify, assess, and prioritize risks related to information security and privacy across various business units.
Develop and implement risk mitigation plans and controls to minimize the impact of potential threats.
Monitor and report on the effectiveness of controls and risk treatment plans.

Security Awareness & Training:
Develop and deliver security awareness training programs for employees, emphasizing data privacy, information security best practices, and regulatory compliance.
Promote a culture of security awareness across the organization through workshops, seminars, and regular communication.

Collaboration & Leadership:
Work closely with cross-functional teams, including IT, Legal, Engineering, and Product, to drive security and privacy initiatives.
Provide leadership and guidance to junior team members and stakeholders, ensuring alignment with the organization's security objectives.

What You'll Need:

Certifications (Preferred):
Certified Information Systems Security Professional (CISSP)
Certified Information Security Manager (CISM)
Certified Information Systems Auditor (CISA)
Certified Data Privacy Solutions Engineer (CDPSE)
ISO 27001 Lead Implementer / Auditor
GDPR Certification

Soft Skills:
Strong leadership and decision-making skills.
Excellent verbal and written communication skills.
Ability to work in a fast-paced, dynamic environment.