Qureos

Information Security & GRC Analyst

Job Title: Information Security & GRC Analyst

Key Responsibilities

1. Policy & Document Management

  • Review, update, and version all Information Security policies annually.
  • Maintain a formal exception register with complete documentation and approvals.
  • Ensure client-wise document repositories remain accurate, complete, and audit-ready.
  • Perform quarterly hygiene checks and updates across all repositories.

2. Risk & Exception Management

  • Maintain the enterprise risk register and update it within three business days of identifying new risks.
  • Conduct structured quarterly risk review sessions and document outcomes.
  • Manage security exceptions through defined approval workflows with proper justification and traceability.

3. Compliance & Certification Readiness

  • Maintain ISO 27001 Statement of Applicability with full coverage of active controls.
  • Track and update IRDAI annexure mappings and compliance status.
  • Ensure SOC 2 controls have clearly defined and documented control owners.
  • Support external and internal audits by submitting accurate evidence within auditor timelines.
  • Conduct internal audits across all locations every quarter and track outcomes.

4. Audit & Evidence Management

  • Collect and submit audit evidence within five working days of request.
  • Perform root cause analysis for audit findings and drive closure.
  • Close major non-conformities within 30 days.
  • Close minor non-conformities within 60 days.
  • Maintain audit logs and trackers with monthly updates.

5. Awareness & Training

  • Track security awareness training completion with a target coverage above 95 percent.
  • Coordinate phishing simulations twice a year and document results.
  • Plan and execute security awareness initiatives, including monthly posters and quarterly sessions.

6. Governance Reporting

  • Prepare and submit InfoSec and GRC dashboards monthly ahead of CISO reviews.
  • Maintain and review compliance and GRC trackers on a monthly basis.
  • Track stakeholder engagement and follow-ups through a weekly log.

7. Operational Effectiveness

  • Respond to internal information security queries within two business days.
  • Deliver documentation and responses for external requests within three business days.

8. Continuous Improvement

  • Obtain at least one advanced cybersecurity or GRC-related certification annually.
  • Participate in advanced security training programs beyond standard awareness, at least once per quarter.

Key Skills & Competencies

  • Strong understanding of Information Security governance, risk, and compliance frameworks.
  • Hands-on experience with ISO 27001, SOC 2, and regulatory compliance tracking.
  • Excellent documentation discipline and attention to detail.
  • Ability to manage multiple stakeholders and deadlines without escalation.
  • Clear written and verbal communication, especially for audit and executive reporting.

Job Type: Full-time

Pay: ₹399,028.91 - ₹1,100,000.00 per year

Benefits:

  • Health insurance
  • Provident Fund

Ability to commute/relocate:

  • Kadugodi, Bengaluru, Karnataka: Reliably commute or planning to relocate before starting work (Required)

Application Question(s):

  • Willingness to come for Face-to-Face interview?

Education:

  • Bachelor's (Required)

Experience:

  • Information Security & GRC Analyst: 3 years (Required)

Work Location: In person
