Search by job, company or skills

mitigata - full-stack cyber resilience

GRC & Privacy Lead

Save
  • Posted 23 hours ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Job Title: GRC & Privacy Lead

(Consulting)

Department: Risk & Compliance Consulting

Location: Bangalore

Employment Type: Full-Time

About the Role

As the GRC & Privacy Lead at Mitigata, you will act as a trusted advisor and strategic leader for

our diverse portfolio of clients. You will lead a dedicated team of consultants to manage multiple

client accounts, ensuring their Governance, Risk, Compliance, and Data Privacy programs meet

complex global regulatory standards. A core part of this role involves leveraging and

implementing our proprietary GRC automation tool to streamline client operations. This is a

highly visible, client-facing role that requires a blend of deep regulatory expertise, team

leadership, and consulting acumen.

Key Responsibilities

1. Client Delivery & Account Management

Lead and manage multiple client engagements simultaneously, ensuring the successful

delivery of GRC and privacy consulting services.

Direct, mentor, and manage a team of GRC and privacy analysts/consultants to execute

daily operations across various client accounts.

Act as the primary escalation point and Subject Matter Expert (SME) for client

stakeholders, including CISOs, DPOs, and Legal teams.

Develop strategic roadmaps tailored to each client's unique risk appetite, industry, and

regulatory landscape.

2. Privacy & Data Protection Leadership

Design, implement, and manage comprehensive privacy programs aligned with GDPR,

CCPA, and DPDPA (Digital Personal Data Protection Act).

Oversee critical privacy operations for clients, including Data Protection Impact

Assessments (DPIAs), Records of Processing Activities (RoPA), Data Subject Access

Requests (DSARs), and cross-border data transfer mechanisms.

Keep clients ahead of the curve by monitoring emerging global privacy laws and

translating them into actionable operational controls.

3. GRC Automation & Platform Implementation

Champion the deployment and optimization of our proprietary GRC automation tool

across client environments.

Train clients and internal teams on maximizing the value of the platform for continuous

compliance monitoring, automated evidence collection, and risk register management.

Gather feedback from client implementations to provide valuable insights to our internal

product development team for future tool enhancements.

4. Risk & Compliance Governance

Conduct enterprise risk assessments, gap analyses, and compliance audits for clients

against frameworks like ISO 27001, SOC 2, NIST CSF, and HIPAA.

Manage Third-Party Risk Management (TPRM) programs on behalf of clients.

Drive audit readiness and coordinate with external auditors to ensure successful client

certifications.

Qualifications & Experience

Education: Bachelor's degree in Cybersecurity, Law, Information Technology, Business,

or a related field.

Consulting Experience: 10+ years of experience in GRC and Data Privacy, with at least

3 years in a client-facing consulting or advisory role.

Leadership Experience: Proven track record of managing a team and overseeing

multiple concurrent projects or client accounts.

Privacy Expertise: Deep, hands-on understanding of global privacy frameworks,

specifically GDPR, CCPA/CPRA, and India's DPDPA.

Frameworks: Strong knowledge of standard IT control frameworks (ISO 27001, SOC 2,

NIST).

Required Certifications

Must hold at least one (preferably more) in certifications:

CISA

CISM

CRISC

CISSP

ISO 27001 Lead Auditor/Implementer

CIPP/E, CIPP/US, CIPP/A (Certified Information Privacy Professional)

CIPM (Certified Information Privacy Manager)

CIPT (Certified Information Privacy Technologist)

CDPSE (Certified Data Privacy Solutions Engineer)

Highly preferred additional GRC certifications:

CISA, CISM, CRISC, CISSP, or ISO 27001 Lead Auditor/Implementer.

Skills & Competencies

Client Relationship Management: High emotional intelligence with the ability to build

trust, manage client expectations, and navigate complex organizational dynamics.

Tech-Savvy: Comfortable working with enterprise automation platforms and bridging the

gap between legal/privacy requirements and technical engineering execution.

Strategic Delegation: Ability to effectively assign tasks, review work quality, and develop

the skills of team members to ensure scalable client delivery.

Communication: Exceptional presentation and writing skills; capable of delivering

executive-level briefings and detailed compliance reports.

More Info

Job Type:
Industry:
Function:
Employment Type:

Job ID: 150854521