Senior Manager – Governance, Risk

Role Summary:

We are seeking a strategic and execution-focused Senior Manager/Associate Director – GRC to lead the design, implementation, and continuous improvement of Jiostar's governance, risk, and compliance function. You will play a pivotal role in securing business operations, ensuring regulatory readiness, and building a culture of accountability across teams and geographies.

Key Responsibilities:

• Leadership in GRC Framework Development: Spearhead the creation, implementation, and continuous enhancement of JioStar's GRC framework, ensuring alignment with organizational goals, industry best practices, and regulatory mandates
• Develop policies, standards, and procedures that promote governance and accountability
• Risk Management: Oversee enterprise-wide risk assessments to identify, analyze, and prioritize risks across operational, IT, cybersecurity, and compliance domains
• Design and implement risk mitigation strategies, ensuring proactive monitoring and reporting to senior leadership
• Compliance with Indian and International Regulations: Ensure adherence to relevant laws and standards, including the Information Technology Act (India), Digital Personal Data Protection Act (DPDPA), GDPR, ISO 27001, SOC 2, and PCI DSS
• Stay abreast of evolving regulatory landscapes and adapt compliance programs accordingly
• Audit Management: Lead internal and external audit processes, coordinating with stakeholders to prepare documentation, facilitate audits, and address findings. Ensure timely remediation of gaps and maintain audit readiness at all times
• Fostering a Security Culture: Champion security awareness and compliance training initiatives to embed a culture of responsibility and vigilance across all levels of the organization
• Engage with cross-functional teams to promote best practices in data protection and ethical conduct
• Policy Development and Implementation: Draft, review, and update GRC policies and procedures, ensuring they reflect current risks, regulatory requirements, and technological advancements in the digital services sector
• Third-Party Risk Oversight: Develop and manage a vendor risk assessment program to evaluate and monitor compliance and security risks associated with external partners and service providers
• Strategic Reporting: Provide regular updates, dashboards, and actionable insights on GRC performance, risk posture, and compliance status to executive leadership and relevant committees
• Collaboration and Leadership: Work closely with IT, legal, and business units to align GRC initiatives with operational needs
• Mentor and lead a team of GRC professionals, fostering growth and expertise
• Tooling & Automation
  :
  Automate control testing, evidence collection, and exception workflows

Skills and attributes for success:

• Strong understanding of security and privacy regulations (ISO 27001, SOC 2, GDPR, DPDP, PCI DSS, etc.)
• Demonstrated experience managing audits and regulatory engagements
• Strong stakeholder management skills—able to influence tech, product, and legal teams
• Hands-on experience with GRC tools and risk frameworks
• Excellent verbal and written communication skills for cross-functional collaboration
• Certifications preferred: CISA, CRISC, ISO 27001 LA, CIPM, or equivalent

Preferred Education and Experience:

• B-Tech or M-Tech in Computer Science or a related technical discipline from a reputed university
• 9+ years in GRC, risk, or compliance roles, with at least 3+ years leading security/compliance programs

Perched firmly at the nucleus of spellbinding content and innovative technology, JioStar is a leading global media & entertainment company that is reimagining the way audiences consume entertainment and sports. Its television network and streaming service together reach more than 750 million viewers every week, igniting the dreams and aspirations of hundreds of million people across geograph
ies.

JioStar is an equal opportunity employer. The company values diversity and its mission is to create a workplace where everyone can bring their authentic selves to work. The company ensures that the work environment is free from any discrimination against persons with disabilities, gender, gender identity and any other characteristics or status that is legally protected.

If you would like more information about how your data is processed, please contac
t us.