Posted 23 May, 2026

Governance, Risk, and Compliance (GRC)

Sonata Software
Pune, MH, IN Full Time
Reference: cfce919c4a1c00a9

Job Description

GRC Analyst — Governance, Risk & Compliance
Reports to: Portfolio CISO / VP Security | Experience: 4–5 years in GRC, audit, or compliance roles | Location: Pune | Type: Full-time

ABOUT THE ROLE:
The GRC Analyst will build and maintain the security governance framework across the portfolio companies. You will develop policies, maintain risk registers, manage vendor assessments, and drive compliance alignment across 17 portfolio companies with diverse regulatory obligations.

KEY RESPONSIBILITIES
Develop, maintain, and communicate Information Security Policy suite across portfolio
Build and manage technology risk registers for each portfolio company
Conduct annual vendor risk assessments and enforce security clauses
Lead data classification program rollout across all portfolio entities
Coordinate ISO 27001 and SOC 2 compliance efforts where applicable
Track policy exception requests, risk acceptances, and control deficiencies
Facilitate governance forums and prepare board/exec-level risk reporting
Manage security awareness training programs and phishing simulation schedules
Perform internal control assessments and maturity re-evaluations annually

REQUIREMENTS & SKILLS
Bachelor's in Information Systems, Law, or Risk Management
5+ years in GRC, audit, or InfoSec compliance roles
Strong knowledge of ISO 27001, NIST CSF, SOC 2, GDPR frameworks
Experience with GRC tools (ServiceNow, Archer, Vanta, Drata, OneTrust)
Excellent documentation and policy writing skills
Ability to translate technical risks into business language for executives
Certifications preferred: CISM, CISA, CRISC, ISO 27001 Lead Implementer
Experience in multi-entity or portfolio-level governance environments
Strong stakeholder management and cross-functional communication skills

TOOLS & TECHNOLOGIES
ServiceNow GRC
Archer
Reporting Drata
Power BI
Vanta
Microsoft Purview
ISO 27001
SOC 2
NIST CSF
OneTrust
Jira
