Deloitte

Cybersecurity Governance, Risk, and Compliance Specialist

Deloitte
Mumbai/Bombay
Not disclosed
Work from Office
Full Time
Min. 8 years

This job has expired

They are no longer accepting applications

T&T- Cyber Strategy & Transformation-DM-Mumbai

About the Role

As a Cybersecurity GRC Specialist, this role plays a pivotal part in safeguarding the organization's information assets through comprehensive governance, risk management, and compliance initiatives. The focus is on ensuring adherence to regulatory requirements, industry standards, and cybersecurity best practices while supporting the design and documentation of cybersecurity control frameworks. Responsibilities include managing risk, evaluating third-party security postures, and ensuring that digital payment systems comply with relevant standards such as NIST, ISO 27001, and ITGC. A strong understanding of cybersecurity frameworks and a proactive approach to aligning with global regulatory frameworks, industry best practices, and organizational goals is required to provide robust protection against cyber threats.

 

Key Responsibilities

·       Develop, implement, and manage a comprehensive risk management program to identify, assess, and mitigate cybersecurity risks across IT systems and processes.

·       Continuously monitor the risk landscape, ensuring effective implementation and maintenance of mitigation strategies, while reporting on compliance with relevant laws, regulations, and industry standards.

·       Lead audits and assessments to verify cybersecurity compliance, providing remediation guidance for identified gaps, and staying up to date with regulatory changes.

·       Implement and maintain cybersecurity controls and frameworks, including NIST CSF, NIST 800-53, ISO/IEC 27001, and IT General Controls (ITGCs), ensuring alignment with industry standards and organizational needs.

·       Manage the organization’s ISO/IEC 27001 certification process, including the development and maintenance of an Information Security Management System (ISMS), conducting internal audits, gap analyses, and preparing for external audits.

·       Develop and manage a third-party risk management program, including due diligence, risk assessments, and collaboration with other departments to ensure vendors meet cybersecurity requirements and contracts include appropriate clauses.

·       Oversee digital payment system security, ensuring compliance with industry standards like PCI-DSS, and collaborate with service providers and internal teams to protect against cybersecurity threats.

·       Design, document, and regularly update a cybersecurity control framework that complies with relevant industry standards and regulatory requirements (e.g., NIST, ISO/IEC 27001, CIS, PCI DSS, RBI, SEBI, IRDA, DPDPA, GDPR, DORA).

·       Conduct workshops with senior stakeholders to apprise them of cybersecurity frameworks and control requirements, ensuring continuous improvement of the organization’s cybersecurity posture.

 

 

 

Qualifications

  • Bachelor’s degree in Information Technology, Computer Science, or a related field (or equivalent experience).
  • 8-10 years of experience in information security, cybersecurity compliance, risk assessment, or a similar role.
  • Good understanding of IT control frameworks (PCI DSS, NIST, COBIT, ITIL, CSF, ISO 27001, COSO, etc.).
  • Good understanding of Indian and global cybersecurity regulations.
  • Strong analytical and problem-solving skills.
  • Excellent communication and documentation skills.
  • Ability to work independently and as part of a team.
  • Experience with risk management, compliance, and audit processes.

 


Experience Level

Senior Level

Job role

Work location: Mumbai, IN
Department: Risk Management & Compliance
Role / Category: IT Security
Employment type: Full Time
Shift: Day Shift

Job requirements

Experience: Min. 8 years

About company

Name: Deloitte
Job posted by Deloitte
