Analyst III - Information Security

3 - 5 Years
1 Opening
Hyderabad

Role Summary

The GRC Technical Writer is responsible for documenting, standardizing, and maintaining cybersecurity governance, risk, and compliance (GRC) processes and artifacts. This role focuses on cybersecurity governance workflows, risk and exception management, policy and standards documentation, and audit-ready process artifacts.
The position works closely with GRC, Cybersecurity, Risk, Compliance, and IT stakeholders to translate governance and operational practices into clear, structured, and compliant documentation aligned with regulatory and enterprise requirements.

Key Responsibilities

GRC Process Documentation

• Document current-state (as-is) cybersecurity GRC processes under guidance from senior GRC and Cybersecurity stakeholders.

• Capture governance workflows related to risk identification, risk assessment, control management, and compliance oversight.

• Document control lifecycle processes including control design, implementation, monitoring, and validation.

• Develop clear process narratives, flowcharts, and swim-lane diagrams representing end-to-end GRC workflows.

• Validate documented processes with stakeholders and incorporate feedback to ensure accuracy and consistency.

Governance, Risk & Exception Management Documentation

• Document cybersecurity governance frameworks, approval workflows, decision points, and escalation mechanisms.

• Assist in documenting security exception, risk acceptance, and deviation management processes.

• Capture exception intake, review, approval, tracking, remediation, and closure activities.

• Maintain traceability between policies, standards, risks, controls, findings, and approved exceptions.

Policy, Standards & Procedure Development

• Support the development, review, and maintenance of cybersecurity policies, standards, and procedures.

• Update documentation based on regulatory changes, audit findings, control updates, or process improvements.

• Ensure all documentation adheres to approved templates, naming conventions, version control, and documentation standards.

• Simplify complex technical and regulatory language into clear, concise, and business-friendly content.

Stakeholder Collaboration & Requirements Gathering

• Collaborate with GRC, Cybersecurity, Risk, Compliance, and IT teams to gather documentation requirements.

• Participate in walkthroughs, workshops, and working sessions to capture governance and process details.

• Clarify assumptions, dependencies, and requirements to ensure documentation completeness and accuracy.

Audit, Compliance & Knowledge Management Support

• Support audit and compliance readiness by maintaining accurate, current, and well-structured GRC documentation.

• Assist with preparation of documentation evidence related to policies, standards, risk assessments, and controls.

• Maintain documentation repositories such as SharePoint or Confluence.

• Follow established documentation standards, classification guidelines, and retention requirements.

Required Skills & Experience

• 3–5 years of experience as a Technical Writer, Business Analyst, or Documentation Specialist supporting GRC, Cybersecurity, Risk, or Compliance teams.

• Foundational understanding of cybersecurity governance, risk management, and compliance concepts.

• Hands-on experience documenting policies, standards, procedures, and business processes.

• Strong written communication skills with exceptional attention to detail.

• Ability to work effectively with multiple stakeholders and incorporate structured feedback.

Preferred Qualifications

• Exposure to cybersecurity governance, risk management, audit, or compliance processes.

• Familiarity with frameworks such as NIST CSF, ISO/IEC 27001, CIS Controls, HIPAA, SOX, or similar (documentation context).

• Experience using documentation and diagramming tools such as Microsoft Word, Visio, Lucidchart, Confluence, or SharePoint.

Behavioral & Professional Competencies

• Strong documentation discipline and organizational skills.

• Process-driven and analytical mindset.

• Ability to quickly understand governance, risk, and compliance concepts.

• Collaborative, responsive, and detail-focused working style.

cybersecurity,risk management programs,grc tool,cyber security risk assessment,