Posted 22 May, 2026
Manager - GRC
Vitasta Consulting Pvt Ltd
Mumbai, MH, IN
Full Time
Total Relevant Exp:
- Minimum 7 Years
Qualification:
- B.Sc. (IT) / BCA / BE / ME / MCA / M.Sc. (IT) / Other graduates with relevant experience.
Work Experience:
- Minimum 7 years’ experience in Information Technology Infrastructure, Information Security, etc.
- Experience in managing GRC, IT/IS audits, Data Privacy
- Exposure to SEBI/RBI Cyber security framework, Data privacy, GDPR.
- Good knowledge of NCIIPC guidelines, NIST framework.
- Good interpersonal, communication, documentation and presentation skills.
Key Responsibilities:
- Track compliance / regulatory requirements and ensure on time reporting.
- Maintain circulars, advisories, directions, alerts from SEBI, NCIIPC, CERT-In, track required remediations and ensure timely submission of compliance status.
- Coordinating with various Technology teams for timely receipt of data/information to be provided to various regulatory authorities.
- Managing IT/Technology audits like Cyber Security, System & Network, IT General Controls Audit, and other Technology Compliances.
- Facilitate audits, coordinating with various Internal and External Stakeholders for audit-related data. Liaising with auditors for any follow-up actions.
- Working closely with IT Security team on key areas like Vulnerability Management, Incident Management, Threat intelligence.
- Ensuring adherence towards IS Policies/ IT Procedures and identification of gaps if any.
- Preparation of compliance resolution and committee agendas, and tracking of ATR.
- Program management for data privacy, DPDPA, ISO 27701:2019 compliance.
- Conduct gap assessment and implement tools and technologies and processes for compliance to DPDPA requirements.
- Define and develop data protection policies and procedures within the organization.
- Perform Data Classification and Data Flow Analysis to understand data life cycle.
- Conduct Data Privacy Impact Assessments and support consent management activities.
- Serve as point of contact for internal stakeholders regarding data protection issues.
- Conduct training and awareness programs for employees on data protection principles and practices.