Cybersecurity - GRC Specialist

Job Title:
Cybersecurity GRC Specialist

Location:
Chennai

Job Type:
Onsite - Work from office

Experience:
7+ years (with at least 5 years in GRC-focused roles)

About Neysa
Neysa is an AI Acceleration Cloud System provider, dedicated to democratizing AI adoption with purpose-built platforms and services for AI-native applications and workloads. Co-founded by industry leaders, we empower businesses to discover, deploy, and scale Generative AI (Gen AI) and AI use cases securely and cost-effectively. Our flagship platforms—Neysa Velocis, Neysa Overwatch, and Neysa Aegis—accelerate AI deployment, optimize network performance, and safeguard AI/ML landscapes. We are committed to enabling AI-led innovation across industries and geographies.

Role Overview
We are looking for an experienced Governance, Risk & Compliance (GRC) Specialist to join our security team. In this role, you will own the end-to-end compliance lifecycle— covering certifications, security audits, and customer/vendor documentation—while equipping Sales and Customers with up-to-date security collateral. The ideal candidate brings a strong mix of compliance expertise, stakeholder management, and technical insight to drive both internal security programs and external customer trust.

Key Responsibilities

• Governance & Compliance

• Design, implement, and manage security compliance programs across our on-premise private cloud infrastructure, aligned with ISO 27001, 27017, 27018, SOC2, DPDPA, and PCI DSS.

• Conduct risk assessments, gap analyses, and treatment planning with a focus on cloud environments.
• Lead internal compliance readiness activities and manage external audits, ensuring timely closure of findings.
• Maintain and enhance GRC documentation, including control matrices, risk registers, and compliance reports.

• Develop and update security policies and procedures in line with evolving business and compliance needs.

• Customer & Stakeholder Engagement

• Respond to customer security questionnaires, RFPs, and due diligence requests.

• Maintain a central repository of security FAQs, certifications, and compliance collateral for Sales enablement.
• Lead security-related discussions with customers, vendors, and auditors, ensuring transparency and trust.
• Collaborate with DevOps, IT, and Infrastructure teams to integrate GRC requirements into the platform lifecycle and embed security-by-design principles.
• Partner with SOC teams for threat detection, monitoring, and incident response use case development.Risk & Security Assessments (including VAPT)
• Plan, conduct, and coordinate vulnerability assessments and penetration tests (VAPT) across applications, systems, and networks.
• Support infrastructure hardening and maintain audit-ready evidence.
• Work with internal teams and third-party vendors for specialized security assessments.
• Analyze findings from vulnerability scans, penetration tests and hardening findings, providing actionable remediation guidance.
• Collaborate with technical teams to prioritize risks, ensure secure configurations, and track remediation progress.
• Assist in securing network and virtual infrastructure components (firewalls, WAF, proxy, VPN, segmentation).

Required Skills & Qualifications

• Bachelor's or Master's degree in Information Security, Computer Science, o related field.
• 7+ years of cybersecurity experience, with at least 5 years in GRC-focused roles.
• Proven experience in achieving and maintaining compliance with ISO 27001, 27017, 27018, SOC 2, DPDPA, and PCI DSS.
• Experience with VAPT, vulnerability management, and remediation tracking.
• Strong understanding of security frameworks such as NIST CSF, CIS Controls, and ISO standards.
• Effective communicator with the ability to engage Customer, engineering. operations, and executive stakeholders.
• Excellent communication skills with the ability to simplify technical concepts for non-technical stakeholders.
• Strong organizational and project management skills.

Preferred Certifications

• GRC-focused: CISA, CISM, CRISC, CISSP, ISO 27001 Lead
• Implementer/Auditor. (Minimum One)
• Technical: CEH, OSCP, or equivalent. (Optional)