
Job Title


GRC / Information Security Executive / Sr. Executive


Company : ShieldByte Infosec Pvt. Ltd.


Location : New Delhi, Delhi


Created : 2026-03-25


Job Type : Full Time


Job Description

Location: Mumbai

Experience: 0-10 years

Role Overview

We are seeking highly motivated and detail-oriented professionals for the GRC (Governance, Risk & Compliance) / Information Security function. The role involves supporting and leading cybersecurity compliance, risk assessments, audit engagements, and implementation of global security frameworks across diverse industries including BFSI, IT, Healthcare, and SaaS.

Responsibilities

- Perform Information Security Risk Assessments (ISRA) and gap assessments.
- Support implementation of ISO 27001, ISO 27701, ISO 22301, and ISO 42001 frameworks.
- Conduct internal audits, compliance audits, and control testing.
- Assist in policy drafting and documentation (ISMS, PIMS, BCMS, etc.).
- Work on regulatory compliance, including GDPR, DPDPA, HIPAA, and SOC 2.
- Support Third-Party Risk Management (TPRM) and vendor assessments.
- Perform risk identification, analysis, and mitigation planning.
- Participate in client audits, stakeholder discussions, and reporting.
- Prepare audit reports, risk registers, and compliance dashboards.
- Conduct security awareness and training sessions for clients.
- Ensure documentation of processes and controls aligned with standards.
- Track compliance status and closure of audit findings.
- Support client onboarding, pre-sales, and proposal documentation.
- Monitor updates in cybersecurity laws, standards, and regulations.

Qualifications

- Strong understanding of Information Security & GRC concepts
- Knowledge of ISO 27001, ISO 27701, SOC 2, GDPR, DPDPA
- Experience in risk assessment methodologies
- Ability to draft policies, SOPs, and audit reports
- Familiarity with regulatory frameworks (RBI, SEBI, etc.)
- Excellent analytical and problem-solving skills
- Strong documentation and reporting capabilities
- Good communication and client-facing skills
- Understanding of IT controls, cloud security, and access management
- Exposure to TPRM / vendor risk assessments
- Experience with GRC tools/platforms (preferred)
- Ability to manage multiple projects and deadlines
- Bachelor’s degree in IT, Cybersecurity, Computer Science, or related field
- MBA (IT / Systems / Risk / Compliance) – Preferred for Manager roles
- ISO 27001 Lead Implementer / Lead Auditor, CISA, CISM, CRISC
- ISO 27701 / ISO 22301 / ISO 42001 certifications
- GDPR / Data Privacy certifications (e.g., DCPP, CIPM – optional)