Job Title: GRC Deputy Manager – Information Security & Data Privacy
Location: Chennai
Experience: 4+ Years
Notice Period: Immediate to 30 days preferred
Employment Type: Full-time

Role Overview

We are seeking a GRC Deputy Manager with strong hands-on experience in Governance, Risk & Compliance (GRC), Information Security, and Data Privacy. The role involves supporting enterprise-wide security governance programs, conducting risk assessments, ensuring regulatory compliance, and driving data privacy initiatives across business and technology teams.

Key Responsibilities

Governance, Risk & Compliance (GRC)
- Support development and maintenance of information security governance frameworks, policies, and standards
- Conduct IT, cyber, and third-party risk assessments and track remediation actions
- Assist in enterprise risk registers, KRIs, and risk reporting to senior stakeholders
- Support internal audits, external audits, and regulatory assessments

Information Security
- Implement and monitor ISMS controls aligned to ISO 27001 and industry best practices
- Support security risk assessments across applications, infrastructure, cloud, and third parties
- Work closely with IT, security, and business teams to address control gaps
- Track security incidents, risk exceptions, and corrective action plans

Data Privacy & Regulatory Compliance
- Support data privacy programs aligned with GDPR, DPDP Act, and global privacy regulations
- Assist in DPIAs, RoPA documentation, and data classification exercises
- Review privacy clauses, vendor contracts, and data sharing agreements
- Support privacy audits and regulatory compliance reporting

Stakeholder & Program Support
- Coordinate with cross-functional teams including IT, Legal, Compliance, and Business units
- Prepare management dashboards, compliance metrics, and audit reports
- Support awareness and training programs on information security and data privacy

Required Skills & Experience
- 4+ years of experience in GRC, Information Security, and Data Privacy
- Strong understanding of:
  - GRC frameworks and risk management methodologies
  - ISO 27001 / ISMS controls
  - Data privacy regulations (GDPR, DPDP Act, etc.)
- Experience in risk assessments, audits, and compliance reporting
- Exposure to third-party/vendor risk management is a plus
- Strong documentation, communication, and stakeholder management skills

Preferred Qualifications
- Certifications such as ISO 27001 LA/LI, CISA, CISM, CISSP, or privacy certifications (CDPSE / CIPM / CIPP) are a plus
- Experience working in consulting, BFSI, IT services, or GCC environments preferred