Support the development, implementation, and maintenance of IT governance frameworks (e.g., COBIT, ITIL), ensuring alignment with organizational and regulatory requirements.
Oversee the lifecycle of IT policies and standards, including creation, review, approval, communication, and monitoring for compliance.
Manage third-party vendor risk, including AI and cloud service providers, by conducting due diligence, security and compliance assessments, contract/control reviews, and ongoing performance and risk monitoring.
Support IT risk management by identifying, assessing, and tracking technology risks, maintaining risk registers, and coordinating mitigation and monitoring activities with control owners.
Perform internal audits and assist in evidence collection for client audits and compliance frameworks, including but not limited to ISO 27001, PCI, SOX, SOC 1 & 2, and other relevant standards.
Conduct phishing simulation campaigns, perform meaningful analysis of results, and manage the overall security awareness program to drive continuous improvement in user security behaviour.
Provide expert support in the assessment, design, implementation, and ongoing enhancement of technical controls and processes, including reviewing IT systems and tools to ensure appropriate controls are in place.
Collaborate with control owners and system administrators to review test findings, remediate IT control gaps, and drive improvements that enhance the quality, consistency, and operability of new and existing controls.
Lead the completion of client security questionnaires and RFPs, ensuring accurate and timely responses.
Requirements
Bachelor’s degree in Information Systems (IS), Cybersecurity, or a related field; or, in lieu of a degree, an equivalent combination of training and progressively responsible experience that provides the specialized knowledge and abilities required to perform the assigned work.
2+ years of audit, technical compliance, or information security experience.
Strong understanding of IT governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, COBIT, PCI-DSS), with proven experience in conducting risk assessments, audits, and compliance initiatives.
Self-motivated professional with excellent analytical, problem-solving, and communication skills, and the ability to work both independently and collaboratively in a fast-paced environment.
Demonstrated ability to lead security projects and initiatives from conception to completion.
Relevant certifications such as CISA, CISM, CRISC, or CISSP are highly desirable.
Tech Stack
Cloud
Cyber Security
Benefits
Hybrid work model provides a flexible work/life balance
Voluntary Provident Fund is an additional voluntary contribution scheme associated with the statutory Employee Provident Fund (EPF)
Our Gift of Knowledge Program provides tuition assistance and substantial discounts for our employees and close family members
Comprehensive health benefits; new-hire eligibility starts on day 1 of employment
Generous Paid Time Off includes national holidays (10), earned leave (15), sick leave (12), plus one (1) volunteer day to participate and give back to our local communities
Gratuity is applicable upon completion of 5 years as per the Gratuity Act