Positions: 1 Full Time

Experience
8 – 14 Years

Role:- Governance, Risk and Compliance – Manager / Sr. Manager

Experience:- Min 8 Years

Location:- Bangalore

Notice Period:- Immediate Joiners

Communication:- Excellent communication skills


Role Overview

The Manager / Senior Manager – GRC will be responsible for driving the organization’s Governance, Risk, and Compliance (GRC) initiatives, ensuring alignment with regulatory, contractual, and cybersecurity requirements. The role involves managing security governance frameworks, enterprise risk management, compliance audits, supplier security assessments, cybersecurity awareness initiatives, and executive-level reporting.

The candidate will work closely with internal stakeholders, auditors, customers, suppliers, and leadership teams to strengthen the organization’s cybersecurity posture and ensure compliance with applicable standards and regulations.

Key Responsibilities

Governance, Risk & Compliance (GRC)

  • Manage and govern Information Security frameworks such as ISO 27001, ISO 27701, ISO 20000, SOC 2, HIPAA, PCI DSS, NIST, DPDP, and other applicable standards
  • Drive enterprise-wide Governance, Risk & Compliance initiatives
  • Maintain and improve ISMS, PIMS, and ITSM programs
  • Develop, review, and maintain security policies, procedures, standards, guidelines, and templates
  • Ensure periodic review and continuous improvement of cybersecurity governance processes
  • Track compliance obligations and ensure closure of non-conformities and audit observations

Risk Management

  • Execute end-to-end cybersecurity risk management lifecycle
  • Conduct risk assessments, gap assessments, and control evaluations
  • Maintain enterprise risk register and track mitigation plans
  • Identify cybersecurity risks related to applications, infrastructure, cloud, vendors, and business operations
  • Work with stakeholders to define remediation plans and risk treatment strategies
  • Monitor security KPIs, KRIs, and compliance metrics


Audit & Compliance Management

  • Coordinate and manage internal audits, external audits, certification audits, surveillance audits, and customer security assessments
  • Represent the organization during client audits and compliance reviews
  • Coordinate with certifying bodies, auditors, and regulatory stakeholders
  • Ensure audit readiness and timely closure of findings
  • Prepare audit schedules, reports, evidence documentation, and compliance dashboards
  • Support regulatory and contractual compliance requirements

Security Awareness & Training

  • Develop and execute cybersecurity awareness and training programs across the organization
  • Conduct periodic awareness campaigns, phishing awareness initiatives, and security communication activities
  • Publish advisory notes, security alerts, awareness mailers, and best practice guidelines
  • Promote awareness related to ISMS, ITSM, privacy, and cybersecurity compliance requirements


Management Reporting & Executive Communication

  • Prepare cybersecurity dashboards, scorecards, and management review presentations
  • Create executive-level cybersecurity decks for leadership and management reviews
  • Present security posture, risks, audit status, compliance metrics, and improvement plans to senior management
  • Support Management Review Meetings with reports, metrics, and action tracking


Supplier & Third-Party Security Management

  • Conduct supplier/vendor cybersecurity risk assessments and due diligence reviews
  • Evaluate supplier security controls, compliance posture, and contractual obligations
  • Track vendor compliance findings and remediation activities
  • Collaborate with procurement and legal teams on third-party security governance

Contract & Security Review

  • Review MSAs, SOWs, NDAs, RFPs, RFIs, and customer security requirements from a cybersecurity compliance perspective
  • Provide security and compliance inputs during customer onboarding and procurement processes
  • Ensure contractual alignment with regulatory and organizational cybersecurity requirements
  • Support security questionnaires and customer assurance activities


Knowledge:
  • Information Security frameworks and standards:
    • ISO 27001:2022
    • ISO 27701
    • ISO 20000
    • NIST CSF
    • SOC 2
    • HIPAA
    • PCI DSS
    • DPDP Act
  • Risk management methodologies and audit practices
  • Security governance and compliance management
  • Third-party/vendor risk management
  • Network and infrastructure security concepts
  • Regulatory and contractual cybersecurity compliance requirements
Skills:
  • Governance of multiple security and compliance frameworks
  • Enterprise risk assessment and mitigation planning
  • Audit management and stakeholder coordination
  • Policy and documentation management
  • Vendor/supplier security assessment
  • MSA, RFP, and contractual security review
  • Cybersecurity reporting and dashboard preparation
  • Executive presentation and management communication
  • Strong analytical and problem-solving skills
  • Excellent verbal and written communication
  • Ability to manage cross-functional stakeholders
Tasks:
  • Review & Analyse various InfoSec requirements and advise on implementation
  • Be a Change Approver for the Information Security requirement
  • Prepare & Publish Advisory Notes, InfoSec Awareness mailers etc.
  • Develop and maintain documents (policies, procedures, templates) and records related to ISO 27001/27701, ISO 20000, NIST, SOC 2, HIPAA, PCI DSS, DPDPA
  • Creation and Periodic review of policies, procedures, and templates
  • Promoting awareness related to ISMS & ITSM
  • Prepare audit schedules / plans, conduct internal audits periodically, publish reports, and track findings till closure
  • Initiate necessary corrective and preventive action
  • Measuring & Monitoring the ISMS & ITSM process performance / KPI periodically
  • Prepare Management Review Meeting Reports, Plan, Schedule, and conduct periodic Management Review Meetings
  • Coordinating with Certifying Body
  • Representing the management during various external audits (certification & surveillance audits, client InfoSec audits, etc.)
  • Ensuring the compliance of all the functions as per the ISO 27001/27701, ISO 20000, NIST, SOC 2, HIPAA, PCI DSS
  • Reporting to the top management on the performance, opportunities for improvement, issues, non-conformities, Audit reports, etc., related to ITSM & ISMS
Soft Skills:
  • Strong communication and report writing skills
  • Analytical and problem-solving ability
  • Stakeholder management and teamwork
  • Proficiency in MS Excel, Word, and PowerPoint
  • Presentation and audit handling skills
  • Proactive mindset with strong ownership
Certifications (Any Two or more):
  • ISMS LA/LI ISO-27001:2022
  • PIMS LA/LI ISO-27701:2025
  • ITSM LA/LI ISO-20000:2018
  • CEH, CHFI, CISSP or CISA certificate
Education:
  • Any Graduate in Information Technology
Experience:
  • 7 to 10 years of experience in managing the Information Security framework of an organization

To apply for this job, email your details to hrm@cephasconsult.biz