Governance Risk & Compliance Lead

Job Description

GRC Lead will manage and strengthen our Governance, Risk, and Compliance (GRC) initiatives for Managed Security Services (MSS) within the Telecom sector. The GRC Lead will be responsible for ensuring that the services we provide to our telecom clients adhere to industry standards, regulatory requirements, and robust risk management practices. This individual will play a key role in aligning our security services with client business objectives, improving our security posture, and ensuring compliance with telecom-specific regulations and frameworks. You have: 7+ years of experience in Governance, Risk, and Compliance (GRC), with at least 3 years in telecom or Managed Security Services (MSS) with a degree in Telecommunication Engineering, Computer Science, Information Security, or a related field (B.E/B.Tech/M.E/M.Tech/MCA). Expertise in telecom-specific security technologies: Firewalls, IDS/IPS, SIEM, encryption, access management, and incident response platforms. Experience working with security and compliance frameworks: ISO 27001, NIST CSF, PCI-DSS, GDPR, NIST SP 800-53, ETSI EN 303 645, also telecom infrastructure, including MPLS, 5G, IoT, and SDN/NFV. Familiarity with GRC tools such as RSA Archer, ServiceNow GRC, or MetricStream. Experience in telecom risk management processes, regulatory assessments, and vendor risk governance. It would be nice if you also had: Industry certifications such as CISM, CISA, CISSP, CRISC, ISO 27001 Lead Auditor/Implementer, TOGAF, or ITIL. Experience in stakeholder management, including executive communication, regulatory liaison, and conflict resolution with auditors or vendors. Strong analytical, negotiation, and project management skills in a cross-functional, multicultural telecom environment. Provide security governance leadership tailored to telecom networks, including mobile, 5G, SDN/NFV, and MPLS environments. Lead risk assessment, threat modeling, and management activities for telecom networks and emerging technologies like IoT and cloud. Ensure compliance with global and local telecom regulatory requirements (e.g., TRAI, DoT, GDPR, FCC, ETSI) through audits, reviews, and reporting. Manage and maintain telecom-specific security policies, technical and administrative controls, and compliance frameworks (ISO 27001, NIST, PCI-DSS). Act as the prime security and compliance interface towards customers, internal teams, auditors, subcontractors, and third-party suppliers. Develop and maintain a risk register, tracking treatment plans and mitigation strategies across client environments. Provide proactive consultation and guidance to customers regarding security best practices and compliance requirements. Oversee incident and crisis response activities to minimize business impact and regulatory exposure, ensuring adherence to notification guidelines. Ensure vendor security due diligence, contract compliance, and ongoing third-party risk monitoring within the telecom supply chain.