Job Title


GRC Analyst


Company : Aviva India


Location : Gurugram, Uttar Pradesh


Created : 2026-03-13


Job Type : Full Time


Job Description

Position: GRC Analyst – Governance, Risk & Compliance

Experience: 0–2 Years (Approx. 1 Year Preferred)

Role Overview

We are looking for a motivated IT Risk & Cybersecurity GRC professional (0–2 years of experience) to support governance, internal audit readiness, regulatory compliance activities and user access review processes within a regulated insurance environment.

The role will work closely with the Senior GRC team to assist in audit coordination, evidence tracking, risk documentation and control validation. This position is execution-focused and provides strong exposure to IRDAI, CERT-IN, internal audits and enterprise risk governance.

Key Responsibilities

Risk & Control Governance
• Support risk assessments and control testing across IT and cybersecurity domains
• Assist in maintaining risk registers and updating risk status in GRC platforms
• Track closure of audit observations and remediation items
• Support documentation of risk acceptance and mitigation actions
• Assist in identifying control gaps and documenting improvement plans

Internal & Regulatory Audit Support
• Support preparation for:
  o IRDAI Cyber Security Audits
  o CERT-IN compliance reviews
  o Internal audits (including Big 4)
  o Financial & ITGC audits
• Coordinate collection of audit evidence from stakeholders
• Maintain audit trackers and remediation status updates
• Assist in preparing responses to audit observations
• Ensure proper documentation and version control of audit artefacts

User Access Governance
• Support execution of:
  o Privileged Access Reviews
  o Normal User Access Reviews
  o Joiner-Mover-Leaver (JML) validations
• Collect and validate access review confirmations from business owners
• Assist in identifying excessive/inappropriate access
• Track closure of access-related observations
• Support review of PAM reports and access certification evidence

Third Party Risk Management
• Support vendor risk assessments during onboarding
• Maintain third-party risk trackers
• Assist in reviewing vendor security questionnaires and BCP documents
• Track remediation commitments from vendors

KPI / KRI / KCI Support
• Assist in compiling security KPIs, KRIs and KCIs
• Support preparation of dashboards for management review
• Maintain data accuracy for governance reporting

Regulatory Compliance Support
• Assist in implementing circulars from IRDAI, CERT-IN and other regulators
• Support gap assessments and compliance documentation
• Help maintain compliance evidence repository
• Basic knowledge of data privacy (DPDP Act fundamentals) and cybersecurity hygiene

Policy & Documentation Management
• Assist in review and formatting of ISMS and BCMS policies
• Maintain policy version control and approval records
• Support documentation updates aligned to regulatory changes

Business Continuity & DR Support
• Support documentation for BCP and DR readiness
• Assist in coordinating DR drill documentation and evidence collection
• Maintain application criticality classification records

GRC Platforms & Reporting
• Hands-on working exposure to (or willingness to learn) GRC tools such as:
  o IBM OpenPages (preferred)
  o Archer / MetricStream / equivalent
• Update risk registers and issue trackers
• Support generation of governance reports

Security Awareness & Training Support
• Assist in rollout of security awareness programs
• Track training completion metrics
• Support awareness communications and campaigns

Mandatory Skills & Experience
• 0–2 years of experience in IT Risk / Cybersecurity / Audit / Compliance
• Basic understanding of IT controls and cybersecurity concepts
• Exposure to audit or compliance activities (preferred)
• Understanding of user access management concepts
• Proficiency with Excel/Sheets, PowerPoint and documentation
• Strong documentation and communication skills
• Good analytical ability and attention to detail
• Ability to manage multiple trackers and deadlines

Preferred Qualifications
• Bachelor’s degree in IT, Computer Science, Engineering or related field
• Basic knowledge of ISO 27001 / ITGC controls
• Internship or exposure in BFSI / Insurance sector (preferred)
• Certifications like ISO 27001 / CEH / Security+ (good to have)

What We Are Looking For

A detail-oriented, process-driven professional who:
• Is eager to build a career in IT Risk & GRC
• Can manage documentation and evidence with accuracy
• Has foundational knowledge of access governance
• Can work collaboratively with cross-functional teams
• Is disciplined with timelines and audit expectations
• Demonstrates ownership of assigned workstreams