GRC Lead

Job Description:

• We are looking for a senior cybersecurity GRC (Governance, Risk, and Compliance) professional.
• Strong background in GRC frameworks such as NIST CSF, ISO 27001, and similar standards.
• Hands on experience with risk management processes, security documentation writing, security assessments.
• Candidates will work closely with different teams within the cybersecurity practice, COE's, business teams, customer cybersecurity teams
• Candidate will analyze the cybersecurity risks associated with the implementation of security solutions, secure processes and computing environments changes.
• Candidates will collaborate with other cybersecurity teams to help clients prioritize and implementing risk mitigating controls and solutions.

Job Responsibilities:

1. Governance, Risk, and Compliance (GRC):

• Lead and execute security assessments against recognized frameworks like NIST CSF, ISO 27001, SOC 2, and others.
• Develop, implement, and manage GRC initiatives for customers.
• Perform gap assessments and provide recommendations for compliance and risk mitigation.
• Drive development and maintenance of risk management processes and tools.

2. Security Documentation and Policy Development:

• Draft, review, and refine security policies, procedures, and technical documentation.
• Develop security documentation such as risk assessment reports, compliance roadmaps, and certification support materials.
• Ensure all documentation aligns with industry best practices and regulatory requirements.

3. Security Assessments:

• Conduct in-depth security assessments, including readiness assessments for certifications (e.g., ISO 27001 certification audits, NIST CSF Maturity assessments).
• Evaluate the effectiveness of existing security controls and provide actionable recommendations for improvement.
• Facilitate security control mapping exercises between frameworks (e.g., ISO 27001, NIST CSF, PCI-DSS, HIPAA, NIS2, DORA etc.).

4. Collaboration and Stakeholder Management:

• Work closely with customer security teams to understand their environment, challenges, and objectives.
• Provide technical and strategic advisory to customers regarding cybersecurity best practices.
• Act as the primary point of contact for GRC-related initiatives, ensuring clear communication and alignment.

5. Communication and Reporting:

• Create detailed reports and presentations tailored for both technical teams and leadership audiences.
• Communicate technical concepts effectively to non-technical stakeholders.

6. Training and Awareness:

• Support security awareness, phishing and training initiatives for customers to enhance their understanding of GRC practices.
• Mentor team members and provide guidance on GRC activities.

7. Required Qualifications and Skills:

• Experience: 10–12 years of experience in cybersecurity GRC roles, including hands-on exposure to frameworks like ISO 27001, NIST CSF, SOC 2, and others.
• Documentation Expertise: Proven ability to create clear, concise, and technically accurate security policies, procedures, and assessments.
• Assessment Skills: Experience conducting security assessments, gap analysis, and control mapping exercises across multiple frameworks.

Communication:

• Excellent written and verbal communication skills; ability to engage with both technical and non-technical stakeholders.

Framework Knowledge:

• In-depth understanding of governance, risk management, and compliance frameworks and their implementation.

Certifications:

• Preferred certifications include ISO 27001 Lead Auditor/Implementer, CISSP, CISA, CISM, CRISC, or other relevant certifications. (Mandatory at least 1)

Preferred experience:

• Experience working with global customers and understanding region-specific regulations (e.g., GDPR, DORA, CCPA).
• Exposure to privacy frameworks, PIAs, privacy objectives.
• Familiarity with cloud security governance frameworks (e.g. CCA-CCM etc.) for AWS . Azure etc.
• Experience in third part risk management TPRM

Soft Skills:

• Strong stakeholder management and collaboration abilities.
• Ability to work independently and lead GRC initiatives in complex environments.
• Analytical mindset and problem-solving skills.