How much salary can I expect as a Governance, Risk and Compliance Analyst in Qualys Security Techservices Private Limited in undefined?

You can expect a minimum salary of 0 INR. The salary offered will depend on your skills, experience and performance in the interview.

What is the eligibility criteria to apply for Governance, Risk and Compliance Analyst in Qualys Security Techservices Private Limited in undefined?

The candidate should have completed undefined degree and people who have 2 to 5 years are eligible to apply for this job. You can apply for more jobs in undefined to get hired quickly.

Is there any specific skill required for this job?

The candidate should have undefined skills and sound communication skills for this job.

Who can apply for this job?

Both Male and Female candidates can apply for this job.

Is it a work from home job?

No, it’s not a work from home job and can’t be done online. You can explore and apply for other work from home jobs in undefined at apna.

Are there any charges or deposits required while applying for the role or while joining?

No work-related deposit needs to be made during your employment with the company.

How can I apply for this job?

Go to the apna app and apply for this job. Click on the apply button and call HR directly to schedule your interview.

What is the last date to apply?

The last date to apply for this job is . For more details, download apna app and find Full Time jobs in undefined . Through apna, you can find jobs in 74 cities across India. Join NOW

Governance, Risk and Compliance Analyst

Qualys Security Techservices Private Limited

Pune

Not disclosed

Work from Office

Full Time

Min. 2 years

Job Details

Job Description

GRC Analyst

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Job Title: GRC Analyst

Function: Governance, Risk and Compliance (GRC)

Location: Pune (Hybrid)

Experience: 2–5 years

Education

Bachelor’s degree in Information Technology, Information Security, Risk Management, Business Administration, Finance, or a related discipline
Professional certifications are a plus

Role Overview

The GRC Analyst is responsible for identifying, assessing, monitoring, and reporting risks associated with third‑party vendors, service providers, and outsourced relationships. The role ensures third‑party engagements align with the organization’s risk tolerance, regulatory requirements, and internal control standards.

This position plays a critical role in operational resilience, cybersecurity risk management, regulatory compliance, and governance.

Key Responsibilities

Risk Identification:

Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects.
Have good understanding and working of IT infrastructure systems and devices from a security perspective like server, virtualization, cloud, applications, databases, network switches, router, firewalls, load balancers, etc.
Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape.

Risk Assessment:

Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors.
Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
Have good understanding of systems and solutions like active directory (AD), email, DNS, DLP, antivirus, EDR, SIEM, etc.
The ability to articulate the business risks associated with technical vulnerabilities and risks.

Third‑Party Risk Assessment & Monitoring

Perform end‑to‑end third‑party risk assessments during onboarding, periodic reviews, and event‑driven triggers
Assess vendor risks across multiple domains, including:
- Information Security
- Data Privacy
- Business Continuity & Disaster Recovery
- Operational Risk
- Regulatory and Compliance Risk
Evaluate vendor responses, supporting evidence, and attestations for adequacy and accuracy

Issue Management & Remediation

Identify control gaps, weaknesses, and risk issues arising from third‑party assessments
Work with vendors and internal stakeholders to define remediation plans
Track remediation actions and validate closure evidence

Risk Reporting & Metrics

Maintain third‑party risk registers, risk ratings, and issue logs
Prepare risk reports, dashboards, and key risk indicators (KRIs) for management
Support risk committees, governance forums, and senior leadership reporting

Stakeholder & Vendor Engagement

Partner with procurement, legal, compliance, information security, privacy, and business teams
Act as a point of contact for third‑party risk‑related queries
Support contract reviews by providing risk inputs related to vendor engagements

Regulatory, Audit & Governance Support

Support internal audits, regulatory examinations, and client due diligence requests related to third‑party risk
Ensure alignment with applicable regulations and frameworks (e.g., FedRAMP, RBI, GDPR, ISO, SOC)
Assist in maintaining third‑party risk policies, standards, and procedures

Process Improvement & Tooling

Contribute to improvements in TPRM processes, assessment methodologies, and workflows
Assist in enhancements or implementations of GRC platforms (e.g., Archer, ServiceNow, MetricStream)
Support automation and data quality initiatives within the TPRM program

Required Skills & Competencies

Risk & Compliance Knowledge

Strong understanding of third‑party risk management lifecycle
Working knowledge of technology, cyber, and operational risk concepts
Familiarity with regulatory expectations and risk management frameworks

Tools & Technology

Experience using GRC platforms or vendor risk tools
Strong proficiency in Excel and reporting tools
Ability to analyze data and produce clear, actionable insights

Communication & Collaboration

Strong written and verbal communication skills
Ability to engage with both technical and non‑technical stakeholders
Effective time management and prioritization skills

Preferred Qualifications (Nice to Have)

Total work experience of 3-5 years in relevant field of work.
Bachelor's or Master's degree in Computer Science, Information Security, Risk Management, System Resiliency & Availability & Software development practices and frameworks, Products and operations, Access and identity management, application security, assurance programs, or a related field.
Professional certifications such as (one or more of these):
- CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor
- Vendor Risk or Operational Risk certifications
Experience in Product management, IT service/ software, BFSI, fintech, cloud service environments, or regulated industries
Exposure to global regulatory environments (FedRamp, GDPR, FFIEC, EBA, OCC, etc.)