Governance Risk Compliance (GRC) Senior Associate

Inspira Enterprise India is seeking a highly motivated and experienced Governance Risk Compliance (GRC) Senior Associate. The ideal candidate will possess deep subject knowledge in information, cyber, and data security, coupled with practical experience in managing security projects and ensuring regulatory compliance. This role will be pivotal in managing our Vulnerability Management (VM) program, leading IT audits, overseeing security initiatives, and ensuring adherence to stringent security controls and regulatory guidelines, including IRDAI.

Key Responsibilities

Manage Vulnerability Management (VM) Program:

• Ensure all IT assets are comprehensively covered under the Vulnerability Management program.
• Ensure VM tasks (scanning, assessment) are carried out meticulously and as per the defined schedule.
• Lead the consolidation, diligent tracking, and timely closure of all reported vulnerabilities.
• Prepare accurate and insightful reports and trackers to provide visibility into the VM posture.

Manage Compliance & Regulatory Activities:

Oversee User Access Management (UAM) processes, ensuring least privilege and timely reviews.

Actively support and manage various IT audits, including internal, external, and regulatory assessments.

Perform other related activities crucial for maintaining a strong compliance posture.

Manage BAU (Business As Usual) / Operational Tasks:

• Lead Incident Management activities, from detection and response to the effective resolution of security incidents reported through various mediums.
• Conduct thorough review and assessment of security requirements from business, IT teams, and other peer functions.
• Drive security initiatives/Projects and implementations, ensuring successful deployment and integration of new security tools and processes.
• Ensure all Calendar activities (e.g., periodic reviews, control assessments) are completed in a timely manner.
• Ensure strict Compliance to Regulatory Guidelines, particularly IRDAI guidelines for risk assessment.
• Conduct Risk Assessment of all Security Controls Annually to identify gaps and areas for improvement.
• Drive third-party security assessments and ensure vendor compliance.
• Review Security Architecture and Change Approvals to ensure security is embedded by design.
• Review Approvals for Security Exceptions, ensuring appropriate justification and mitigation.
• Oversee the Governance of all Audit and IRDAI open points, driving their closure.
• Manage SOC (Security Operations Center) operations and ensure continuous compliance with security monitoring requirements.
• Ensure continuous compliance to all the Security Controls implemented across the organization.
• Provide Governance of all Outsourced work related to security.

Preferred Candidate Profile

• Subject Knowledge & Expertise: Deep and current subject knowledge in information security, cyber security, and data security domains.
• Evolving Technologies: Good understanding of evolving cybersecurity technologies and their applicability.
• Security Project Management: Practical and hands-on experience in managing end-to-end security projects.
• Business Acumen: Strong understanding of the business landscape and the applicability of security controls within that context.
• Stakeholder Coordination: Proven ability to coordinate effectively with all global stakeholders for security tools implementation and compliance initiatives.
• Risk Assessment: Experience in conducting risk assessments as per IRDAI Guidelines.
• Audit Governance: Demonstrated capability in the governance of all audit findings and IRDAI open points.

Competencies

• Excellent analytical and problem-solving skills.
• Strong communication and interpersonal abilities for effective stakeholder coordination.
• Proactive and self-driven with a strong sense of ownership.
• Ability to work under pressure and manage multiple priorities effectively.