GRC Manager - Job Description
Position Overview
We are seeking an experienced GRC Manager to lead our governance, risk, and compliance initiatives with a focus on ISO standards implementation and maintenance. The ideal candidate will have strong cybersecurity domain expertise and proven experience in establishing and managing multiple ISO frameworks across the organization.
This is an onsite role in Gurugram, HR (Mon - Fri).
Key Responsibilities
ISO Standards Implementation & Management
- Lead the implementation and maintenance of ISO 27001/27002 (Information Security Management System)
- Oversee ISO 22301 (Business Continuity Management System) deployment and operations
- Manage ISO 20000 (IT Service Management) implementation and continuous improvement
- Develop and maintain integrated management system documentation, policies, and procedures
- Ensure alignment between multiple ISO standards for efficient compliance management
Audit & Assessment
- Plan and conduct internal audits across all implemented ISO standards
- Coordinate external certification and surveillance audits
- Perform gap analysis and maturity assessments
- Lead corrective and preventive action (CAPA) programs
- Conduct risk assessments and maintain enterprise risk registers
Training & Awareness
- Design and deliver ISO standards training programs for staff at all levels
- Develop security awareness and compliance training materials
- Mentor team members on GRC best practices
- Maintain training records and certification tracking
Governance & Reporting
- Report compliance status to senior management and board committees
- Manage relationships with external auditors and certification bodies
- Track and report KPIs and metrics for GRC programs
- Coordinate with cross-functional teams to ensure compliance objectives are met
Required Qualifications
Education & Certifications
- Bachelor's degree in Information Security, Computer Science, or related field
- At least one of the following certifications required:
  - ISO 27001 Lead Auditor/Lead Implementer
  - ISO 22301 Lead Auditor/Lead Implementer
  - ISO 20000 Lead Auditor/Lead Implementer
- Professional certifications preferred: CISSP, CISA, CRISC, or CGRC
Professional Experience
- 5+ years of experience in GRC, information security, or compliance roles
- Proven track record of successful ISO certification projects (at least 2 complete implementations)
- 3+ years conducting internal and external audits
- Experience in cybersecurity operations, incident response, or security architecture
- Hands-on experience with GRC platforms and tools
- Working knowledge of the Digital Personal Data Protection Act, 2023 (DPDP Act) and ability to align organizational security, privacy, and governance frameworks (such as ISO/IEC 27001) with applicable data protection regulations
Technical Skills
- Deep understanding of information security principles and cybersecurity frameworks
- Knowledge of data privacy regulations (GDPR, CCPA, etc.)
- Familiarity with cloud security and modern IT infrastructure
- Experience with vulnerability management and security testing methodologies
Soft Skills
- Excellent communication and presentation skills for C-level interactions
- Strong project management and organizational abilities
- Ability to translate technical requirements into business language
- Leadership skills with experience managing cross-functional initiatives
Preferred Qualifications
- Master's degree in relevant field
- Experience in regulated industries (financial services, healthcare, critical infrastructure)
- Knowledge of additional frameworks (NIST, COBIT, PCI-DSS, SOC 2)
- Experience with business continuity planning and disaster recovery testing
- Background in security operations center (SOC) or incident response team