Deputy General Manager - Governance, Risk and Compliance

Deputy General Manager-GRC

Responsibilities

• Lead the implementation, maintenance, and continual improvement of the Information Security Management System (ISMS) in line with ISO/IEC 27001 standards.
• Conduct ISMS gap assessments and enterprise-wide cyber risk assessments, and track implementation of security controls.
• Plan, manage, and support internal and external audits, including ISO 27001 Stage 1 and Stage 2 audits.
• Maintain and govern ISMS documentation, including policies, standards, procedures, risk registers, and the Statement of Applicability (SoA).
• Drive Information Security policy and process governance by drafting, reviewing, and updating policies, standards, and SOPs.
• Lead internal technology audits across IT infrastructure, cloud environments, SOC, IAM, PAM, vulnerability management, and other cyber domains.
• Identify control gaps, assess risk impact, track remediation actions, and validate the effectiveness of corrective measures.
• Oversee the complete cyber risk management lifecycle, including risk identification, analysis, treatment planning, and monitoring.
• Manage third-party and vendor security risk assessments and due diligence activities.
• Ensure compliance with applicable regulatory and statutory requirements such as ISO/IEC 27001, CERT-In, CEA, BCAS, DPDP Act, and other relevant regulations.
• Develop governance metrics, KPIs, and KRIs, and provide periodic risk and compliance reporting to senior management and audit committees.
• Monitor changes in regulatory and compliance requirements and collaborate with cross-functional teams to address gaps and audit observations.

Qualifications

•    ISO/IEC 27001 Lead Implementer and/or Lead Auditor.
•    CISA, CISM, CRISC, or equivalent GRC-related certifications.
•    Strong documentation, policy drafting, and process definition skills.
•    Analytical and risk-based decision-making capabilities.
•    Audit planning, execution, and stakeholder management.
•    Ability to present risk and compliance insights to senior leadership.
•    Excellent communication and cross-functional collaboration skills.