Qureos

GRC Analyst / Secure Analyst

India

DIGITAP.AI provides high-tech, advanced AI/ML solutions to new-age, internet-driven businesses for reliable, fast and 100% compliant customer onboarding and automated risk management, along with big-data-enabled services such as risk analytics and customized scorecards. For customer onboarding and risk management, Digitap.ai extracts data from various sources through web scraping.

Job description - We are seeking a motivated and skilled GRC professional to join our team. As a GRC
Analyst, you will be responsible for managing cybersecurity risks, conducting
compliance assessments, and implementing security policies based on industry best
practices, including ISO 27001/22301 and RBI/SEBI guidelines. This role offers an
excellent opportunity to build and enhance your skills in the rapidly evolving field of
cybersecurity governance, risk management, and compliance.

Key Responsibilities -
  • Compliance & Regulatory Oversight: Ensure compliance with applicable laws and
regulations, such as RBI/SEBI cybersecurity guidelines, GDPR, DPDP and other local
and international frameworks.
  • Risk Management: Assist in conducting risk assessments to identify, evaluate, and
prioritize risks related to information security and business operations.
  • Audit Support: Support internal and external audits by preparing documentation,
coordinating audit activities, and ensuring compliance with cybersecurity policies and
standards.
  • Cybersecurity Program Management: Work closely with IT, legal, and other
stakeholders to integrate cybersecurity risk management into business processes,
ensuring alignment with organizational goals.
  • Policy Development & Training: Contribute to the development of information security
policies, procedures, and guidelines, and assist in delivering training programs to raise
awareness of security best practices across the organization.
  • Continuous Improvement: Collaborate with various teams to assess the effectiveness
of existing controls and propose improvements to enhance the organization's
cybersecurity posture.
  • Reporting & Documentation: Maintain clear and comprehensive documentation of risk
assessments, compliance activities, audits, and incident reports to provide transparency
to senior leadership and regulatory bodies.

Qualifications -
  • 2-5 years of hands-on experience in Governance, Risk, and Compliance (GRC) roles.
  • Good understanding of information security principles, controls, risk management
methodologies, compliance, and audits.
  • Hands-on experience implementing two or more standards such as ISO 27001/2,
ISO 22301, SOC2, PCI DSS, NIST standards on Cyber Security, HITRUST, DPDP,
HIPAA, GDPR, etc.
  • Third-party Risk Management (TPRM)
  • Strong analytical skills and attention to detail in identifying security vulnerabilities and
assessing compliance gaps.
  • Excellent written and verbal communication skills to prepare reports and deliver
presentations.
  • Cloud Expertise (AWS/Azure/GCP)
  • Security certifications are preferred.


© 2025 Qureos. All rights reserved.