Governance, Risk, Compliance & Privacy Analyst (Technology & AI)
Hybrid Role (Hyderabad)
Key Responsibilities
ISO/IEC 42001 AI Management System (Mandatory)
- Implement, operate, and maintain an ISO/IEC 42001-aligned AI Management System (AIMS).
- Maintain clause-to-control and clause-to-evidence mappings.
- Support management reviews, continuous improvement, and certification readiness.
Internal Audits (Mandatory)
- Plan and conduct internal audits across ISO/IEC 42001, AI governance, and ITSM processes.
- Perform control design and operating effectiveness testing.
- Document findings and track corrective actions.
- Support external audits and regulatory reviews.
Enterprise Risk Assessments (AI & Technology)
- Conduct AI, technology, SDLC, cyber, and third-party risk assessments.
- Document inherent and residual risk with treatment actions.
- Maintain enterprise risk registers.
Secure SDLC & ITSM Control Reviews
- Assess architecture, threat models, CI/CD, and ITSM processes.
- Ensure alignment with incident, problem, change, and configuration management.
API Security & Layer-Wise Technical Audits
- Review authentication, authorization, validation, rate limiting, and data exposure.
- Conduct audits across application, API, data, and infrastructure layers.
Privacy Impact & Data Protection Assessments
- Conduct PIAs/DPIAs.
- Assess personal data processing, profiling, retention, and transfers.
- Maintain privacy risk registers.
Governance, Compliance & Audit Support
- Operate governance and evidence management processes.
- Support client audits and regulatory inquiries.
- Prepare audit packs and standard responses.
Required Experience
3+ years of experience in governance, risk, compliance, audit, technology, ITSM, or privacy roles.
Experience in regulated or global enterprise environments.
Hands-on experience with audits, risk assessments, or control testing.
Required Skills & Knowledge
- ISO-based management systems (ISO/IEC 42001 preferred)
- Internal audit execution
- Technology, SDLC, and ITSM risk assessment
- API security and technical reviews
- Configuration and access control auditing
- Privacy impact assessment fundamentals
- Understanding of AI/ML risks
- Strong documentation skills
Role Type & Working Model
Hybrid working model.
Part of a global ITSM Operation-aligned Compliance & GRC department.
Works closely with global technology, security, privacy, and audit teams.