Governance Risk Compliance (GRC) Senior Associate

Governance Risk Compliance (GRC) Senior Associate

Key Responsibilities

Manage Vulnerability Management (VM) Program:

• Ensure all IT assets are comprehensively covered under the Vulnerability Management program.
• Ensure VM tasks (scanning, assessment) are carried out meticulously and as per the defined schedule.
• Lead the consolidation, diligent tracking, and timely closure of all reported vulnerabilities.
• Prepare accurate and insightful reports and trackers to provide visibility into the VM posture.

Manage Compliance & Regulatory Activities:

User Access Management (UAM)

IT audits

Perform other related activities crucial for maintaining a strong compliance posture.

Manage BAU (Business As Usual) / Operational Tasks:

• Lead

  Incident Management

  activities, from detection and response to the effective resolution of security incidents reported through various mediums.
• Conduct thorough

  review and assessment of security requirements

  from business, IT teams, and other peer functions.

• Drive security initiatives/Projects and implementations

  , ensuring successful deployment and integration of new security tools and processes.
• Ensure all

  Calendar activities

  (e.g., periodic reviews, control assessments) are completed in a timely manner.
• Ensure strict

  Compliance to Regulatory Guidelines

  , particularly IRDAI guidelines for risk assessment.
• Conduct

  Risk Assessment of all Security Controls Annually

  to identify gaps and areas for improvement.

• Drive third-party security assessments

  and ensure vendor compliance.

• Review Security Architecture and Change Approvals

  to ensure security is embedded by design.

• Review Approvals for Security Exceptions

  , ensuring appropriate justification and mitigation.
• Oversee the

  Governance of all Audit and IRDAI open points

  , driving their closure.

• Manage SOC (Security Operations Center) operations

  and ensure continuous compliance with security monitoring requirements.
• Ensure continuous

  compliance to all the Security Controls implemented

  across the organization.
• Provide

  Governance of all Outsourced work

  related to security.

Preferred Candidate Profile

• Subject Knowledge & Expertise:

  Deep and current subject knowledge in information security, cyber security, and data security domains.

• Evolving Technologies:

  Good understanding of evolving cybersecurity technologies and their applicability.

• Security Project Management:

  Practical and hands-on experience in managing end-to-end security projects.

• Business Acumen:

  Strong understanding of the business landscape and the applicability of security controls within that context.

• Stakeholder Coordination:

  Proven ability to coordinate effectively with all global stakeholders for security tools implementation and compliance initiatives.

• Risk Assessment:

  Experience in conducting risk assessments as per IRDAI Guidelines.

• Audit Governance:

  Demonstrated capability in the governance of all audit findings and IRDAI open points.

Competencies

• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal abilities for effective stakeholder coordination.
• Proactive and self-driven with a strong sense of ownership.
• Ability to work under pressure and manage multiple priorities effectively.