Senior Consultant–Risk & Compliance

Key Responsibilities-

A) Governance, Risk & Compliance-

• Ensure compliance with RBI Cyber Security Framework, RBI IT Governance & Outsourcing Guidelines, DPDPA 2023, and ISO 27001.
• Develop, review, and maintain information security, data protection, and privacy policies, standards, and procedures.
• Support internal audits, external audits, regulatory inspections, and management reviews.

B) Risk Management-

• Conduct enterprise-level and application-level information security risk assessments.
• Maintain the Risk Register, track mitigation actions, and manage risk acceptance and exception approvals.

C) Data Security & Privacy-

• Implement and operationalize data classification, data handling, and data retention frameworks.
• Support DPDPA readiness including data discovery and mapping, consent management, data principal rights processes, and breach notification support.
• Work closely with IT teams on data encryption (at rest and in transit), DLP controls (email, endpoint, cloud), and secure data-sharing mechanisms.

D) Security Assurance & Operations Support-

• Oversee VAPT activities, configuration reviews, and security assessments.
• Track vulnerability remediation and ensure compliance with defined SLAs.
• Support incident response activities from a governance and compliance perspective.

E) Reporting & Awareness-

• Define, track, and report GRC KPIs and KRIs for senior management and Board-level reporting.
• Prepare dashboards covering compliance status, risk posture, audit findings, and remediation progress.
• Conduct information security and data privacy awareness and training sessions for employees.

Key Skills & Competencies- {Immediate joiners (within 15 days)}

• Minimum 6+ years of experience in Information Security GRC within NBFC / BFSI environments , with strong knowledge of RBI cybersecurity and IT governance guidelines .
• Proven understanding of ISO 27001 controls and DPDPA 2023 / data privacy principles , with hands-on exposure to regulatory and compliance requirements.
• Demonstrated experience in information security risk assessments, audits, policy drafting, governance frameworks, and vendor risk management .
• Ability to translate regulatory obligations into practical, implementable security and compliance controls , including exposure to GRC tools and cloud governance (AWS / Azure) .
• Certifications such as CISA, CISM, ISO 27001 Lead Auditor, or CIPM are preferred

Why You'll Enjoy Working at Kratikal:

1. Get the fast learning and exciting environment of a startup, combined with the stable work and strong performance of a bigger company. There's lots of room to learn, grow, and share your ideas.
2. We also provide good benefits like health insurance, a gratuity payment, and Employees' Provident Fund (a savings plan for your future).
3. We are an equal opportunity employer, where everyone has a fair chance.

About Us:

Kratikal Tech Limited is a leading B2B cybersecurity firm offering cutting-edge cybersecurity solutions and services such as Network Security Audits, Compliance Implementation, IoT Security, and VAPT. Serving over 150+ enterprise customers and 1825+ SMEs across industries, including E-commerce, Fintech, BFSI, NBFC, Telecom, Consumer Internet, Cloud Service Platforms, Manufacturing, and Healthcare, Kratikal is dedicated to helping organizations combat cybercriminals using advanced, technology-driven cybersecurity solutions.

The company also develops in-house cybersecurity products, including AutoSecT , competing with industry giants, alongside TSAT (Threatcop Security Awareness Training), TDMARC (Threatcop DMARC), TLMS (Threatcop Learning Management System), and TPIR (Threatcop Phishing Incident Response). These products have received numerous awards and recognitions for their innovation and effectiveness.

Kratikal has been honored as the Top Cyber Security Startup at the 12th Top 100 CISO Awards. With a global reach, Kratikal collaborates with renowned organizations to secure their digital landscapes. For more information, visit our websites at and