GRC Architect - Cyber

Cubical Operations LLP

2 - 5 years

Gurugram

Posted: 21/03/2026

Job Description

Job Title: Senior Manager GRC Architect

Experience: 7+ Years

Location: Gurgaon / Noida

Employment Type: Full-Time

Role Overview

We are looking for an experienced Senior Manager GRC Architect to lead the design, implementation, and governance of enterprise-wide risk and compliance frameworks. The ideal candidate will bring strong expertise in Governance, Risk & Compliance (GRC), Third-Party Risk Management (TPRM), and Information Security Management Systems (ISMS), along with hands-on experience in security architecture.

Key Responsibilities

  • Design and implement enterprise GRC frameworks aligned with regulatory and industry standards.
  • Lead and manage Third-Party Risk Management (TPRM) programs, including vendor risk assessments, onboarding, and continuous monitoring.
  • Develop, implement, and maintain ISMS in alignment with standards such as ISO 27001 and other relevant frameworks.
  • Architect and review secure enterprise solutions, ensuring alignment with organizational security policies and risk posture.
  • Conduct risk assessments, control evaluations, and gap analysis across systems, processes, and third-party environments.
  • Collaborate with IT, security, legal, and business teams to ensure compliance with regulatory and internal policies.
  • Drive security architecture reviews for applications, infrastructure, and cloud environments.
  • Define and enforce governance policies, standards, and procedures across the organization.
  • Lead internal and external audits, ensuring timely remediation of findings.
  • Provide strategic insights and reporting to senior leadership on risk posture, compliance status, and mitigation strategies.
  • Mentor and guide teams on GRC best practices and security architecture principles.

Required Skills & Experience

GRC & Risk Management

  • Strong experience in Governance, Risk, and Compliance frameworks.
  • Hands-on expertise in risk assessments, control frameworks, and regulatory compliance.
  • Experience with frameworks such as ISO 27001, NIST, SOC 2, or equivalent.

TPRM (Third-Party Risk Management)

  • Proven experience managing the vendor risk lifecycle (onboarding, assessment, monitoring).
  • Ability to evaluate third-party security posture and ensure compliance with organizational standards.

ISMS

  • Hands-on experience in implementing and managing Information Security Management Systems (ISMS).
  • Strong understanding of policies, procedures, and audit requirements.

Security Architecture

  • Practical experience in designing secure architectures for applications, infrastructure, and cloud environments.
  • Knowledge of security principles such as Zero Trust, defense-in-depth, identity & access management, and data protection.
  • Experience with cloud platforms (Azure/AWS/GCP) and associated security controls is a plus.

Technical & Tools

  • Familiarity with GRC tools and platforms.
  • Understanding of network security, application security, and data security concepts.
  • Experience with vulnerability management and security assessment tools.

Soft Skills

  • Strong leadership and stakeholder management skills.
  • Excellent communication and presentation abilities.
  • Ability to influence decision-making at senior levels.
  • Strong analytical and problem-solving skills.

Preferred Qualifications

  • Certifications such as CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor.
  • Experience working in large enterprise or consulting environments.
