Qureos


GRC Analyst

We are looking for a GRC Analyst. The candidate should have hands-on experience with cybersecurity risk assessment, control testing, and compliance audits.

Job Description:

  • Collaborate across departments to prepare for audits, customer due diligence, and regulatory reviews, ensuring internal processes meet assurance requirements.
  • Work closely with engineering, IT, and infrastructure teams to validate that access management, encryption protocols, system settings, and network design are compliant with internal policies and external obligations.
  • Contribute to the design and upkeep of a centralized control framework that integrates technical safeguards with contractual, legal, and industry-standard requirements.
  • Assess technical documentation, audit outcomes, and system evidence to evaluate control performance, identify weaknesses, and help shape remediation strategies.
  • Support the roll-out of a company-wide monitoring program by coordinating risk reporting, overseeing remediation progress, and maintaining detailed compliance records and visualizations.
  • Maintain up-to-date compliance reports and dashboards that reflect control maturity, program status, and audit readiness across key domains.
  • Track and interpret updates to global compliance frameworks and regulatory guidance, assessing their operational impact and recommending adjustments to internal controls.
  • Help operationalize compliance requirements by converting them into scalable technical and procedural practices embedded within business workflows.

Non-Technical:

  • Analytical thinker
  • Collaborative team player
  • Excellent written and verbal communication
  • Capable of bridging the gap between business demands and cybersecurity requirements
  • Ability to articulate cybersecurity risks in business terms
  • Demonstrable knowledge of information security standards, data security practices and procedures
  • Understanding of the impact of various data protection and integrity controls, operating systems and network security controls, authentication controls, and security protocols

Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, Business and Risk Management, or a related field.
  • 2+ years of experience in GRC, audit, compliance, or risk management roles.
  • Understanding of common frameworks and regulations (e.g., NIST, COBIT, ISO, SOX, GDPR).
  • Strong analytical, organizational, and communication skills.

Preferred:

  • Certifications such as CISA, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor.
  • Familiarity with GRC tools (e.g., RSA Archer, ServiceNow GRC, LogicGate).
  • Experience working with cross-functional teams including Legal, IT, Security, and Internal Audit.

Job Type: Full-time

Pay: Rs250,000.00 - Rs350,000.00 per month

Work Location: In person
