GRC Analyst/Senior Analyst - Hyderabad

5 days ago


Hyderabad, Telangana, India Deloitte Full time ₹ 12,00,000 - ₹ 24,00,000 per year

Job Description: Governance, Risk, and Compliance (GRC) Analyst

Position Title: IT Security Governance, Risk, and Compliance (GRC) Analyst

Department: IT Security

Reports To: Senior Manager, IT Security

Job Type: Full-Time

Role Summary

The Governance, Risk, and Compliance (GRC) Analyst is responsible for supporting the organization's information security governance, risk, and compliance activities in alignment with ISO/IEC 27001:2022 and SOC 2 Trust Services Criteria.

This role plays a key part in maintaining the Information Security Management System (ISMS), coordinating risk assessments, performing control testing, tracking remediation efforts, and ensuring the organization remains audit-ready at all times.

The GRC Analyst collaborates closely with IT, Security Operations, Legal, Privacy, and Business Units to promote a strong risk and compliance culture across the organization.

Key Responsibilities

  1. Governance & ISMS Management

     • Maintain and update information security policies, standards, and procedures to align with ISO 27001 and SOC 2 frameworks.
     • Administer the Statement of Applicability (SoA) and ensure control implementation status is accurate.
     • Support the ongoing maintenance and continuous improvement of the organization's ISMS.
     • Coordinate policy review and attestation campaigns; ensure records of acceptance and compliance are maintained.
     • Assist with preparing documentation and metrics for ISMS Steering Committee or GRC Governance Board meetings.

  2. Risk Management

     • Conduct and document information security risk assessments using approved risk methodologies.
     • Maintain and update the risk register, including risk scoring, treatment plans, and residual risk tracking.
     • Support third-party/vendor risk assessments by evaluating supplier security posture and compliance.
     • Track mitigation activities and verify completion of risk treatment actions.
     • Develop and monitor Key Risk Indicators (KRIs) and generate risk posture reports for management.

  3. Compliance & Audit Support

     • Support internal and external ISO 27001 certification and SOC 2 Type II audit activities.
     • Coordinate evidence collection, control testing, and follow-up for internal and third-party audits.
     • Conduct periodic control self-assessments (CSA) to validate operational effectiveness of key controls.
     • Manage and track nonconformities, corrective and preventive actions (CAPA), and ensure timely closure.
     • Maintain awareness of evolving regulations and standards impacting the organization's compliance obligations.

  4. Reporting & Continuous Improvement

     • Develop and maintain GRC dashboards and reports showing audit readiness, risk trends, and compliance posture.
     • Prepare materials and metrics for Management Reviews as required under ISO 27001 Clause 9.3.
     • Identify opportunities for process improvement and automation within GRC workflows.
     • Capture lessons learned from incidents, risk assessments, and audits to drive continuous improvement.

  5. Tool Administration & Documentation

     • Support configuration and maintenance of GRC tools (e.g., ServiceNow GRC, Archer, OneTrust, or similar).
     • Manage document control processes and ensure all ISMS documentation complies with ISO 27001 Clause 7.5.
     • Ensure proper versioning, access control, and archival of compliance evidence and audit artifacts.

Required Qualifications

Education: Bachelor's degree in Information Security, Computer Science, Risk Management, or related field. Equivalent work experience may be considered.

Certifications (Preferred): ISO/IEC 27001:2022 Internal Auditor or Lead Implementer, SOC 2 Practitioner, CRISC or CISA.

Experience: 2–5 years of experience in GRC, Information Security, or Audit (preferably supporting ISO 27001 or SOC 2).

Framework Knowledge: Strong understanding of ISO 27001:2022, SOC 2 Trust Services Criteria, NIST CSF, and risk management principles.

Technical Skills: Familiarity with GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust), risk assessment tools, and audit workflows.

Soft Skills: Strong analytical and writing skills, attention to detail, ability to communicate complex topics to non-technical stakeholders, and collaborative mindset.

Our purpose

Deloitte's purpose is to make an impact that matters for our people, clients, and communities. At Deloitte, purpose is synonymous with how we work every day. It defines who we are. Our purpose comes through in our work with clients that enables impact and value in their organizations, as well as through our own investments, commitments, and actions across areas that help drive positive outcomes for our communities.

Our people and culture

Our inclusive culture empowers our people to be who they are, contribute their unique perspectives, and make a difference individually and collectively. It enables us to leverage different ideas and perspectives, and bring more creativity and innovation to help solve our clients' most complex challenges. This makes Deloitte one of the most rewarding places to work.

Professional development

At Deloitte, professionals have the opportunity to work with some of the best and discover what works best for them. Here, we prioritize professional growth, offering diverse learning and networking opportunities to help accelerate careers and enhance leadership skills. Our state-of-the-art DU: The Leadership Center in India, located in Hyderabad, represents a tangible symbol of our commitment to the holistic growth and development of our people. Explore DU: The Leadership Center in India.

Benefits to help you thrive

At Deloitte, we know that great people make a great organization. Our comprehensive rewards program helps us deliver a distinctly Deloitte experience that empowers our professionals to thrive mentally, physically, and financially—and live their purpose. To support our professionals and their loved ones, we offer a broad range of benefits. Eligibility requirements may be based on role, tenure, type of employment and/or other criteria. Learn more about what working at Deloitte can mean for you.

Recruiting tips

From developing a standout resume to putting your best foot forward in the interview, we want you to feel prepared and confident as you explore opportunities at Deloitte. Check out recruiting tips from Deloitte recruiters.

Requisition code: 318367

