GRC Analyst

Pinkvilla is seeking a dynamic Information Security professional, who will play a key role in driving compliance programs, managing audits, supporting data protection initiatives, and ensuring third-party security risks are effectively identified and mitigated. Key Responsibilities Governance, Risk & Compliance (GRC) Develop, implement, and maintain information security policies, standards, and procedures. Conduct risk assessments and drive risk treatment/mitigation plans. Support security audits and ensure timely closure of findings. Monitor compliance with frameworks/standards such as ISO 27001, NIST, CIS Collaborate with security engineering and SOC teams on remediation of vulnerabilities, incident response, and security enhancements. Contribute to cross-functional security initiatives requiring governance, technical, and operational alignment. Provide training and awareness on security to drive security aware culture Data Protection Identify and mitigate risks associated with processing of personal and sensitive data. Oversee data data classification, retention, and secure disposal practices. Lead initiatives around Data Loss Prevention (DLP) — including policy finetuning, incident monitoring, and working with stakeholders on data handling improvements. Third-Party Risk Management (TPRM) Conduct security assessments and due diligence for vendors, partners, and service providers. Review and evaluate vendor security controls, certifications, and compliance posture. Manage the third-party risk lifecycle, including onboarding, periodic reviews, and issue remediation. Work with procurement, legal, and business teams to integrate security requirements into contracts and agreements. Qualifications: Bachelor’s degree in Computer Science or Information Security or related field 4–6 years of experience in Information Security roles with focus on GRC, Data Protection, and TPRM. Strong understanding of security standards (ISO 27001, NIST, etc.). Experience conducting risk assessments, vendor due diligence, and compliance reviews. Good knowledge of data protection principles, privacy laws, and security best practices. Excellent documentation, communication, and stakeholder management skills. Preferred Skills: Relevant certifications such as CISM, CISA, ISO 27001, CIPM, or CRISC . Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust, or similar). Knowledge of cloud security and SaaS vendor risk assessments.