5+ Yrs - Bengaluru Only - IT Governance, Risk & Compliance (GRC) Specialist

Job Overview

We are seeking an experienced IT Governance, Risk & Compliance (GRC) Specialist to drive information security, compliance, audit readiness, and risk management initiatives across the organization.

The ideal candidate will have hands-on experience managing compliance programs aligned to NIST CSF 2.0, ISO 27001:2022, GDPR, DPDP Act, Third-Party Risk Management (TPRM), and related security frameworks. This role will work closely with IT, Security, Product, and Business teams to strengthen governance practices, manage audits, mitigate risks, and support continuous compliance improvements.

Key Responsibilities

• Manage IT compliance and security governance programs including NIST CSF 2.0, ISO 27001:2022, GDPR, DPDP Act, and related frameworks.

• Coordinate internal and external audits, including evidence collection, auditor engagement, remediation tracking, and closure of findings.

• Conduct IT risk assessments and support enterprise risk management initiatives.

• Manage Third-Party Risk Management (TPRM) activities including vendor assessments, security questionnaires, risk scoring, and ongoing monitoring.

• Support development, implementation, and continuous improvement of security controls, policies, and governance processes.

• Collaborate with IT, Security, Product, and Business stakeholders to ensure compliance requirements are effectively embedded into operational processes.

• Track compliance metrics, risks, audit observations, and remediation activities.

• Support continuous improvement initiatives related to information security, risk management, and regulatory compliance.

Required Skills & Qualifications

• 5+ years of experience in IT Audit, IT Risk, Information Security, Governance Risk & Compliance (GRC), or related domains.

• Strong understanding of IT General Controls (ITGC), security controls, compliance programs, and data protection requirements.

• Experience managing internal and external audits, control testing, audit evidence collection, and remediation tracking.

• Hands-on experience with Third-Party Risk Management (TPRM), vendor assessments, security reviews, and risk evaluation processes.

• Working knowledge of:

• NIST CSF 2.0
  
• NIST SP 800-53
  
• ISO 27001:2022
  
• GDPR
  
• DPDP Act
  

• Understanding of cloud environments (AWS preferred), SaaS platforms, and modern technology architectures.

• Excellent stakeholder management, communication, and documentation skills.

• Strong analytical, risk assessment, and problem-solving capabilities.

• B.E. / B.Tech in Computer Science, Information Technology, or related discipline.

Preferred Qualifications

• Prior experience in Security Engineering or Application Security before transitioning into GRC.

• Experience within Banking, Fintech, Insurance, Payments, or other regulated industries.

• Big 4 consulting experience in IT Risk Advisory, Cyber Risk, Audit, or Compliance.

• Professional certifications such as ISO 27001 Lead Implementer/Auditor, CISA, CRISC, CISSP, CISM, or equivalent are highly desirable.