GRC Analyst
3 days ago
Job Title: GRC Analyst
Location: Tiruchirappalli (Onsite)
Shift Timing: Night shift
Qualification: Bachelors degree in Information Technology or a related field
Certifications (Preferred): CISSP, CRISC, or other relevant Information Security certifications
Job Summary:
We are seeking a detail-oriented and experienced GRC Analyst to assess and prioritize information security risks, ensure compliance with regulatory requirements, and implement information security policies and standards across the organization. The ideal candidate will play a pivotal role in preparing the organization for audits and certifications, leading internal assessments, and supporting the Information Security Management System (ISMS).
Key Roles & Responsibilities:
- Assess and prioritize information security and cybersecurity risks across the organization.
- Ensure compliance with regulatory standards and internal information security policies.
- Develop and report on key information security and compliance metrics.
- Act as Lead Implementer and Internal Auditor for ISMS and other security frameworks.
- Implement ISO policies and procedures throughout the organization.
- Manage client compliance and security assessments.
Handle implementation and audits for standards including:
ISO/IEC 27001:2013 & 27001:2022
SOC 1 Type 2 & SOC 2 Type 2
Prepare audit reports and audit plans; lead meetings and drive readiness for ISO certification.
- Conduct regular internal audits on ISMS, track non-conformities (NCs), and ensure timely closures.
- Deliver information security awareness training and incident prevention programs.
- Review and interpret Vulnerability Assessment & Penetration Testing (VAPT) reports.
- Evaluate and document Business Continuity Plan (BCP) test results.
- Coordinate with stakeholders during internal and external audits.
- Participate in projects with information security requirements.
- Conduct monthly assessments of employee compliance with security policies.
- Demonstrate hands-on experience with external audit processes and interactions.
