Posted 16 June, 2026

Governance, Risk, and Compliance (GRC)

Sonata Software
Pune District, MH, IN Full Time
Reference: 64e107701467aab9

Job Description

GRC Analyst — Governance, Risk & Compliance

Reports to: Portfolio CISO / VP Security | Experience: 4–5 years in GRC, audit, or compliance roles | Location: Pune | Type: Full-time


ABOUT THE ROLE:

The GRC Analyst will build and maintain the security governance framework across the portfolio companies. You will develop policies, maintain risk registers, manage vendor assessments, and drive compliance alignment across 17 portfolio companies with diverse regulatory obligations.


KEY RESPONSIBILITIES

Develop, maintain, and communicate Information Security Policy suite across portfolio

Build and manage technology risk registers for each portfolio company

Conduct annual vendor risk assessments and enforce security clauses

Lead data classification program rollout across all portfolio entities

Coordinate ISO 27001 and SOC 2 compliance efforts where applicable

Track policy exception requests, risk acceptances, and control deficiencies

Facilitate governance forums and prepare board/exec-level risk reporting

Manage security awareness training programs and phishing simulation schedules

Perform internal control assessments and maturity re-evaluations annually


REQUIREMENTS & SKILLS

Bachelor's in Information Systems, Law, or Risk Management

5+ years in GRC, audit, or InfoSec compliance roles

Strong knowledge of ISO 27001, NIST CSF, SOC 2, GDPR frameworks

Experience with GRC tools (ServiceNow, Archer, Vanta, Drata, OneTrust)

Excellent documentation and policy writing skills

Ability to translate technical risks into business language for executives

Certifications preferred: CISM, CISA, CRISC, ISO 27001 Lead Implementer

Experience in multi-entity or portfolio-level governance environments

Strong stakeholder management and cross-functional communication skills


TOOLS & TECHNOLOGIES

ServiceNow GRC

Archer

Reporting Drata

Power BI

Vanta

Microsoft Purview

ISO 27001

SOC 2

NIST CSF

OneTrust

Jira
