Chief Manager - GRC (Regulatory Compliance)

The Information Security GRC Specialist will be responsible for leading and managing the Governance, Risk, and Compliance (GRC) function within the organization. This role ensures adherence to regulatory requirements, conducts control testing, and implements security risk management practices in alignment with global standards. The ideal candidate should have a deep understanding of security frameworks, compliance requirements, and risk assessment methodologies.

Key Responsibilities:

1) Regulatory Compliance and Coordination with Regulators

• Lead the development and implementation of system-wide risk management frameworks to identify and monitor information security risks.
• Understand regulatory and business requirements and ensure information security compliance in alignment with RBI, UIDAI, CERT-IN, DPSC, IRDAI, and other global regulations.
• Act as the primary liaison with regulatory bodies, ensuring timely compliance with cybersecurity mandates and regulatory filings.

2) Control Testing (ITGC) and Global Standards (NIST, ISO 27001)

• Conduct technical risk assessments for applications, IT general controls (ITGC), and cloud environments.
• Perform compliance assessments aligned with international security standards such as NIST, ISO 27001, and CIS controls.
• Validate the effectiveness of security controls and ensure continuous improvement in security postures.

3) Security KPIs and KRI’s

• Identify and define Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for measuring the effectiveness of information security initiatives.
• Develop security metrics to track compliance, risk mitigation, and operational security efficiency.

4) Understanding of Security Technologies

• Strong knowledge of security tools and technologies such as Firewalls, IDS/IPS, DDoS protection, SIEM, DLP, and vulnerability management solutions.
• Ability to interpret security logs, alerts, and incident data to enhance security operations.

5) Project Management Skills

• Lead and manage complex security projects, ensuring timely implementation and compliance with regulatory mandates.
• Collaborate with cross-functional teams and senior management to align security initiatives with business objectives.

6) Soft Skills

• Strong communication skills to articulate security risks and solutions effectively.
• Ability to engage with stakeholders, auditors, and regulators confidently.