GRC Lead

3 weeks ago

Anand, Gujarat, India YASH Technologies Full time

Job Description:

We are looking for a senior cybersecurity GRC (Governance, Risk, and Compliance) professional.
Strong background in GRC frameworks such as NIST CSF, ISO 27001, and similar standards.
Hands on experience with risk management processes, security documentation writing, security assessments.
Candidates will work closely with different teams within the cybersecurity practice, COE's, business teams, customer cybersecurity teams
Candidate will analyze the cybersecurity risks associated with the implementation of security solutions, secure processes and computing environments changes.
Candidates will collaborate with other cybersecurity teams to help clients prioritize and implementing risk mitigating controls and solutions.

Job Responsibilities:

1. Governance, Risk, and Compliance (GRC):

Lead and execute security assessments against recognized frameworks like NIST CSF, ISO 27001, SOC 2, and others.
Develop, implement, and manage GRC initiatives for customers.
Perform gap assessments and provide recommendations for compliance and risk mitigation.
Drive development and maintenance of risk management processes and tools.

2. Security Documentation and Policy Development:

Draft, review, and refine security policies, procedures, and technical documentation.
Develop security documentation such as risk assessment reports, compliance roadmaps, and certification support materials.
Ensure all documentation aligns with industry best practices and regulatory requirements.

3. Security Assessments:

Conduct in-depth security assessments, including readiness assessments for certifications (e.g., ISO 27001 certification audits, NIST CSF Maturity assessments).
Evaluate the effectiveness of existing security controls and provide actionable recommendations for improvement.
Facilitate security control mapping exercises between frameworks (e.g., ISO 27001, NIST CSF, PCI-DSS, HIPAA, NIS2, DORA etc.).

4. Collaboration and Stakeholder Management:

Work closely with customer security teams to understand their environment, challenges, and objectives.
Provide technical and strategic advisory to customers regarding cybersecurity best practices.
Act as the primary point of contact for GRC-related initiatives, ensuring clear communication and alignment.

5. Communication and Reporting:

Create detailed reports and presentations tailored for both technical teams and leadership audiences.
Communicate technical concepts effectively to non-technical stakeholders.

6. Training and Awareness:

Support security awareness, phishing and training initiatives for customers to enhance their understanding of GRC practices.
Mentor team members and provide guidance on GRC activities.

7. Required Qualifications and Skills:

Experience: 10–12 years of experience in cybersecurity GRC roles, including hands-on exposure to frameworks like ISO 27001, NIST CSF, SOC 2, and others.
Documentation Expertise: Proven ability to create clear, concise, and technically accurate security policies, procedures, and assessments.
Assessment Skills: Experience conducting security assessments, gap analysis, and control mapping exercises across multiple frameworks.

Communication:

Excellent written and verbal communication skills; ability to engage with both technical and non-technical stakeholders.

Framework Knowledge:

In-depth understanding of governance, risk management, and compliance frameworks and their implementation.

Certifications:

Preferred certifications include ISO 27001 Lead Auditor/Implementer, CISSP, CISA, CISM, CRISC, or other relevant certifications. (Mandatory at least 1)

Preferred experience:

Experience working with global customers and understanding region-specific regulations (e.g., GDPR, DORA, CCPA).
Exposure to privacy frameworks, PIAs, privacy objectives.
Familiarity with cloud security governance frameworks (e.g. CCA-CCM etc.) for AWS . Azure etc.
Experience in third part risk management TPRM

Soft Skills:

Senior AI Architect