
Job Description
Position: GRC Analyst (Governance, Risk & Compliance)
Experience: 02 Years (Approx. 1 Year Preferred)
Role Overview
We are looking for a motivated IT Risk & Cybersecurity GRC professional (02 years of experience) to support governance, internal audit readiness, regulatory compliance activities and user access review processes within a regulated insurance environment.
The role will work closely with the Senior GRC team to assist in audit coordination, evidence tracking, risk documentation and control validation. This position is execution-focused and provides strong exposure to IRDAI, CERT-IN, internal audits and enterprise risk governance.
Key Responsibilities
Risk & Control Governance
Support risk assessments and control testing across IT and cybersecurity domains
Assist in maintaining risk registers and updating risk status in GRC platforms
Track closure of audit observations and remediation items
Support documentation of risk acceptance and mitigation actions
Assist in identifying control gaps and documenting improvement plans
Internal & Regulatory Audit Support
Support preparation for:
o IRDAI Cyber Security Audits
o CERT-IN compliance reviews
o Internal audits (including Big 4)
o Financial & ITGC audits
Coordinate collection of audit evidence from stakeholders
Maintain audit trackers and remediation status updates
Assist in preparing responses to audit observations
Ensure proper documentation and version control of audit artefacts
User Access Governance
Support execution of:
o Privileged Access Reviews
o Normal User Access Reviews
o Joiner-Mover-Leaver (JML) validations
Collect and validate access review confirmations from business owners
Assist in identifying excessive/inappropriate access
Track closure of access-related observations
Support review of PAM reports and access certification evidence
Third Party Risk Management
Support vendor risk assessments during onboarding
Maintain third-party risk trackers
Assist in reviewing vendor security questionnaires and BCP documents
Track remediation commitments from vendors
KPI / KRI / KCI Support
Assist in compiling security KPIs, KRIs and KCIs
Support preparation of dashboards for management review
Maintain data accuracy for governance reporting
Regulatory Compliance Support
Assist in implementing circulars from IRDAI, CERT-IN and other regulators
Support gap assessments and compliance documentation
Help maintain compliance evidence repository
Basic knowledge of data privacy (DPDP Act fundamentals) and cybersecurity hygiene.
Policy & Documentation Management
Assist in review and formatting of ISMS and BCMS policies
Maintain policy version control and approval records
Support documentation updates aligned to regulatory changes
Business Continuity & DR Support
Support documentation for BCP and DR readiness
Assist in coordinating DR drill documentation and evidence collection
Maintain application criticality classification records
GRC Platforms & Reporting
Hands-on working exposure to (or willingness to learn) GRC tools such as:
o IBM OpenPages (preferred)
o Archer / MetricStream / equivalent
Update risk registers and issue trackers
Support generation of governance reports
Security Awareness & Training Support
Assist in rollout of security awareness programs
Track training completion metrics
Support awareness communications and campaigns
Mandatory Skills & Experience
02 years of experience in IT Risk / Cybersecurity / Audit / Compliance
Basic understanding of IT controls and cybersecurity concepts
Exposure to audit or compliance activities (preferred)
Understanding of user access management concepts
Proficiency with Excel/Sheets, PowerPoint and documentation.
Strong documentation and communication skills
Good analytical ability and attention to detail
Ability to manage multiple trackers and deadlines
Preferred Qualifications
Bachelor's degree in IT, Computer Science, Engineering or related field
Basic knowledge of ISO 27001 / ITGC controls
Internship or exposure in BFSI / Insurance sector (preferred)
Certifications like ISO 27001 / CEH / Security+ (good to have)
What We Are Looking For
A detail-oriented, process-driven professional who:
Is eager to build a career in IT Risk & GRC
Can manage documentation and evidence with accuracy
Has foundational knowledge of access governance
Can work collaboratively with cross-functional teams
Is disciplined with timelines and audit expectations
Demonstrates ownership of assigned workstreams
Job ID: 144431623