
Cybersecurity GRC & Compliance

Apni Sec

2 - 5 years

Bengaluru

Posted: 20/03/2026


Job Description

Experience

  • Bachelor's or postgraduate degree in a relevant field
  • One or more certifications preferred: ISO 27001, ISO 42001, CBCP, CISA, CISM, CRISC, CISSP
  • 24 years of hands-on experience in cybersecurity programs, audits, risk management, compliance, or remediation


Qualifications

  • Knowledge and experience in Application Security and Cybersecurity.
  • Proficiency in Network Security and Information Security practices.
  • Understanding of governance, risk, and compliance in cybersecurity contexts.
  • Familiarity with standards like ISO 27001, NIST, or GDPR is a plus.
  • Strong analytical and problem-solving skills.
  • Experience with threat assessment, mitigation strategies, and incident response processes.
  • Ability to effectively communicate and collaborate with cross-functional teams.
  • A relevant degree in Information Technology, Cybersecurity, or equivalent experience.
  • Professional certifications such as CISSP, CISM, or CISA are advantageous but not mandatory.


Key responsibilities

  • Implement and manage security controls and risk assessment frameworks (ISO 31000, NIST) aligned with regulatory and business requirements
  • Identify, evaluate, and mitigate risks through well-defined security policies, procedures, and controls
  • Enhance security posture through process improvements, automation, and continuous capability development
  • Design and implement GRC processes to automate and monitor controls, risks, exceptions, and testing activities
  • Enhance dashboards, metrics, and reporting artifacts for effective risk and compliance tracking
  • Conduct periodic assessments to evaluate the effectiveness and efficiency of security controls
  • Ensure compliance with standards and regulations such as PCI DSS, SOX, SOC 2, HIPAA, RBI guidelines, ISO standards, and DPDPA (Digital Personal Data Protection Act, India)
  • Perform risk assessments across incidents, vulnerabilities, patching, penetration testing, phishing, and social engineering scenarios
  • Identify control gaps, document findings, and provide actionable remediation guidance
  • Track and report remediation progress to stakeholders and leadership
  • Collaborate with cross-functional teams to support and strengthen the security program
  • Provide training and guidance on security assessments and compliance requirements
  • Stay updated with industry best practices and emerging cybersecurity trends


Why Join Us

  • Comprehensive salary package with competitive compensation
  • Complete project ownership - almost too much responsibility and ownership of projects
  • Startup culture - fast-paced, innovative, and collaborative environment
  • Brewery parties and fun team outings to celebrate wins
  • Company Onsite / Fun Events and team building activities
  • Work with skilled security researchers and certified white hat hackers
  • Continuous learning and professional development opportunities
  • Work on diverse and challenging security projects
  • Opportunity to make a real impact in the cybersecurity industry
  • Flexible work environment with focus on work-life balance
