Cyber Risk Architect – Enterprise GRC

Cubical Operations LLP

2 - 5 years

Gurugram

Posted: 06/03/2026

Job Description

Job Title: Security Architect InfoSec (GRC & TPRM Focus)

Location: Delhi NCR (Gurgaon / Noida)

Experience: 8+ Years

Employment Type: Full-Time

Role Overview

We are seeking a Security Architect InfoSec with strong expertise in Governance, Risk & Compliance (GRC) and Third-Party Risk Management (TPRM). This role is responsible for architecting enterprise-wide information security governance frameworks, risk management structures, regulatory alignment, and vendor risk ecosystems.

The ideal candidate will drive risk-based security architecture, integrate regulatory controls into business processes, and design scalable compliance and third-party risk models across enterprise environments.

Key Responsibilities

1. Information Security Governance Architecture

  • Design and maintain the enterprise Information Security governance framework.
  • Develop policy architecture, control libraries, standards, and procedures aligned with business objectives.
  • Define enterprise-wide control mapping across ISO 27001, NIST CSF, COBIT, CIS Controls, and other regulatory frameworks.
  • Architect governance structures including Risk Committees, escalation matrices, and oversight mechanisms.

2. Enterprise Risk Management (ERM)

  • Lead enterprise-wide IT and Cyber risk assessments.
  • Design risk scoring methodologies, risk quantification models, and control effectiveness frameworks.
  • Develop and monitor KRIs, KPIs, and risk dashboards for senior leadership and board reporting.
  • Oversee risk treatment plans and remediation tracking mechanisms.

3. Third-Party Risk Management (TPRM) Architecture

  • Architect end-to-end TPRM lifecycle: onboarding, due diligence, inherent risk assessment, control evaluation, ongoing monitoring, and exit governance.
  • Design vendor risk rating methodologies and criticality classification models.
  • Define contractual security clauses and third-party security requirements.
  • Implement continuous monitoring frameworks for high-risk vendors and supply chain risk management.

4. Compliance & Regulatory Alignment

  • Ensure alignment with regulatory guidelines (RBI, SEBI, IRDAI, DPDP Act, etc., where applicable).
  • Lead ISO 27001 ISMS implementation, surveillance audits, and recertification programs.
  • Support ITGC, SOX (if applicable), internal audits, and external regulatory inspections.
  • Architect compliance automation frameworks using GRC platforms.

5. GRC Tooling & Automation

  • Lead implementation or optimization of GRC tools (e.g., ServiceNow GRC, Archer, MetricStream).
  • Integrate risk registers, issue management, audit workflows, and compliance tracking into centralized platforms.
  • Drive automation of third-party risk workflows and control assessments.

6. Stakeholder & Leadership Engagement

  • Collaborate with CISO, CIO, Risk & Compliance teams, Legal, Procurement, and Business Heads.
  • Present enterprise risk posture and third-party risk exposure to senior leadership.
  • Provide architectural direction and mentorship to GRC and TPRM teams.

Required Skills & Experience

  • 8+ years of experience in Information Security, with strong exposure to GRC and TPRM.
  • 3+ years in an enterprise-level security or GRC architecture role.
  • Strong hands-on expertise in:
      • ISO 27001 ISMS implementation and control mapping
      • NIST CSF / NIST 800-53
      • Enterprise Risk Management frameworks
      • Third-Party Risk Management lifecycle
      • ITGC and control testing
  • Experience in BFSI or regulated environments preferred.
  • Strong documentation, reporting, and board-level presentation skills.

Preferred Certifications

  • CISA / CISM / CRISC
  • ISO 27001 Lead Auditor / Lead Implementer
  • Risk or compliance certifications preferred

Additional Requirements

  • Strong analytical and risk-based decision-making capability.
  • Experience in consulting or large enterprise environments.
  • Immediate or early joiners preferred.
