GRC Auditor

Job Title: GRC Auditor

Employer: Softcell Technologies Global Private Limited (CERT-In Empanelled)

Location: Mumbai(onsite)

About Softcell Technologies: Softcell Technologies Global Private Limited is a CERT-In empanelled IT infrastructure solutions provider. We specialize in IT Security, Infrastructure Integration, Mobility Solutions, and Engineering Services. With over 2000 enterprise customers, we are a trusted advisor in IT compliance and security.

Role Overview:

The GRC (Governance, Risk, and Compliance) Auditor will be responsible for managing

compliance projects and orders for Softcell Technologies clients. This role involves

assessing/auditing client environments to ensure adherence to regulatory requirements,

governance frameworks, and industry best practices. The auditor will work closely with

clients to identify compliance gaps, recommend corrective actions, and support the

implementation of governance, risk, and compliance initiatives.

Key Responsibilities:

1. Compliance Project Management:

Lead compliance and GRC projects for Softcell clients, ensuring timely and high- quality delivery. Define project objectives, scope, and deliverables in collaboration with clients. Act as a trusted advisor to clients on compliance and risk management issues.

1. Audit Planning and Execution:
   
   Develop and execute audit plans to evaluate client compliance with NIST, CERT-In guidelines, ISO 9001, IS0 27701, ISO 27001, GDPR and other relevant standards. Conduct detailed assessments of client IT systems, processes, and controls to identify non-compliance and risks.
   
   Perform gap analysis and recommend remediation measures to address deficiencies.

2. Risk Management:
   
   Identify, assess, and prioritize risks within client environments.
   
   Collaborate with client teams to develop and implement risk mitigation strategies. Monitor and report on the effectiveness of risk controls.

3. Regulatory Compliance:
   
   Ensure client adherence to guidelines of the applicable regulatory frameworks. Provide guidance on implementing data protection, cybersecurity, and IT governance measures. Stay updated on regulatory changes and advise clients on their impact.

4. Governance Frameworks:
   
   Assist clients in establishing and maintaining governance frameworks aligned with industry standards.
   
   Develop policies, procedures, and guidelines to support governance objectives. Conduct training sessions for client teams on GRC practices and frameworks.

5. Reporting and Documentation:
   
   Prepare detailed audit reports, including findings, risks, and actionable
   
   recommendations.Document compliance status and provide periodic updates to clients and internal stakeholders.
   
   Support clients in maintaining compliance documentation and evidence.

6. Collaboration and Stakeholder Management:
   
   Work closely with client teams, regulatory bodies, and internal Softcell teams to ensure project success. Build strong relationships with client stakeholders to promote long-term engagement.

7. Continuous Improvement:
   
   Contribute to the development of new GRC methodologies, tools, and best practices. Identify opportunities to enhance Softcells compliance and audit processes.

Qualifications:

Educational Background:

Bachelors degree in information technology, Computer Science, or a related field. Advanced degrees or certifications in compliance, governance, or IT security are a plus.

Certifications:

Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified Risk and Information Systems Control (CRISC), or ISO Lead Auditor.

Familiarity with CERT-In, ISO 9001, IS0 27701, ISO 27001 and GDPR

Extra advantage knowledge of HIPAA, PCI-DSS, DPDPA, and NIST Cybersecurity Framework.

Experience:

Minimum 3 years of experience in compliance, GRC, or IT auditing roles.

Experience managing client-facing compliance projects is preferred.

Skills:

Strong knowledge of CERT-In guidelines, GDPR, IT Act 2000, DPDPA, ISO and industry best practices. Proficiency in GRC tools and technologies.

Excellent analytical, problem-solving, and communication skills.

Ability to manage multiple projects and prioritize tasks effectively.

Key Performance Indicators (KPIs):

Timely and successful delivery of client compliance projects.

Client satisfaction scores and positive feedback.

Identification and resolution of compliance gaps.

Alignment of client systems with regulatory and governance frameworks.