GRC Analyst
Navi Mumbai
April 9, 2026
Full Time
- Strong understanding of information security frameworks such as ISO 27001/27002 (ISMS), SOC 1 and SOC 2, and the NIST Cybersecurity Framework (CSF), with hands-on experience supporting implementation or audits.
- Working knowledge of information security risks related to enterprise information assets and intellectual property.
- Understanding of integrated IT and physical security risk concepts.
- Experience working in risk management environments involving information security, privacy, records management, or eDiscovery.
- Understanding of IT General Controls (ITGCs) across multiple audit and compliance frameworks.
- Foundational understanding of security technologies and architectures, including network security, identity and access management, encryption, application security, vulnerability management, and monitoring tools.
- Experience supporting security-related projects and initiatives in a cross-functional environment.
- Participate in enterprise and program-level initiatives aligned with Information Security goals and objectives.
- Support the maintenance and continuous improvement of the information security risk management framework, program guidelines, and standard operating procedures.
- Conduct information security risk and control assessments across technical environments, business processes, and third parties.
- Document identified control gaps and associated risks from both technical and business perspectives.
- Perform gap assessments against regulatory requirements, external standards, and internal security policies.
- Partner with Information Security, Privacy, IT, and business stakeholders to support risk prioritization and remediation planning.
- Support the security and privacy awareness and training program, including tracking participation and effectiveness metrics.
- Conduct third-party risk assessments and collaborate with internal stakeholders and vendors to identify, document, and track risk treatment plans.
- Support contract reviews by providing information security and third-party risk input.
- Bachelor's degree in information technology, cybersecurity, risk management, law, compliance, business administration, or a related field.
- 5+ years of information security experience with a focus on GRC, risk assessments, policy development, or compliance.
- Hands-on experience supporting information security risk management and/or third-party risk management programs.
- Experience in large or complex enterprise environments is preferred.