
Search by job, company or skills

Job Title: GRC & Privacy Lead
(Consulting)
Department: Risk & Compliance Consulting
Location: Bangalore
Employment Type: Full-Time
About the Role
As the GRC & Privacy Lead at Mitigata, you will act as a trusted advisor and strategic leader for
our diverse portfolio of clients. You will lead a dedicated team of consultants to manage multiple
client accounts, ensuring their Governance, Risk, Compliance, and Data Privacy programs meet
complex global regulatory standards. A core part of this role involves leveraging and
implementing our proprietary GRC automation tool to streamline client operations. This is a
highly visible, client-facing role that requires a blend of deep regulatory expertise, team
leadership, and consulting acumen.
Key Responsibilities
1. Client Delivery & Account Management
Lead and manage multiple client engagements simultaneously, ensuring the successful
delivery of GRC and privacy consulting services.
Direct, mentor, and manage a team of GRC and privacy analysts/consultants to execute
daily operations across various client accounts.
Act as the primary escalation point and Subject Matter Expert (SME) for client
stakeholders, including CISOs, DPOs, and Legal teams.
Develop strategic roadmaps tailored to each client's unique risk appetite, industry, and
regulatory landscape.
2. Privacy & Data Protection Leadership
Design, implement, and manage comprehensive privacy programs aligned with GDPR,
CCPA, and DPDPA (Digital Personal Data Protection Act).
Oversee critical privacy operations for clients, including Data Protection Impact
Assessments (DPIAs), Records of Processing Activities (RoPA), Data Subject Access
Requests (DSARs), and cross-border data transfer mechanisms.
Keep clients ahead of the curve by monitoring emerging global privacy laws and
translating them into actionable operational controls.
3. GRC Automation & Platform Implementation
Champion the deployment and optimization of our proprietary GRC automation tool
across client environments.
Train clients and internal teams on maximizing the value of the platform for continuous
compliance monitoring, automated evidence collection, and risk register management.
Gather feedback from client implementations to provide valuable insights to our internal
product development team for future tool enhancements.
4. Risk & Compliance Governance
Conduct enterprise risk assessments, gap analyses, and compliance audits for clients
against frameworks like ISO 27001, SOC 2, NIST CSF, and HIPAA.
Manage Third-Party Risk Management (TPRM) programs on behalf of clients.
Drive audit readiness and coordinate with external auditors to ensure successful client
certifications.
Qualifications & Experience
Education: Bachelor's degree in Cybersecurity, Law, Information Technology, Business,
or a related field.
Consulting Experience: 10+ years of experience in GRC and Data Privacy, with at least
3 years in a client-facing consulting or advisory role.
Leadership Experience: Proven track record of managing a team and overseeing
multiple concurrent projects or client accounts.
Privacy Expertise: Deep, hands-on understanding of global privacy frameworks,
specifically GDPR, CCPA/CPRA, and India's DPDPA.
Frameworks: Strong knowledge of standard IT control frameworks (ISO 27001, SOC 2,
NIST).
Required Certifications
Must hold at least one (preferably more) in certifications:
CISA
CISM
CRISC
CISSP
ISO 27001 Lead Auditor/Implementer
CIPP/E, CIPP/US, CIPP/A (Certified Information Privacy Professional)
CIPM (Certified Information Privacy Manager)
CIPT (Certified Information Privacy Technologist)
CDPSE (Certified Data Privacy Solutions Engineer)
Highly preferred additional GRC certifications:
CISA, CISM, CRISC, CISSP, or ISO 27001 Lead Auditor/Implementer.
Skills & Competencies
Client Relationship Management: High emotional intelligence with the ability to build
trust, manage client expectations, and navigate complex organizational dynamics.
Tech-Savvy: Comfortable working with enterprise automation platforms and bridging the
gap between legal/privacy requirements and technical engineering execution.
Strategic Delegation: Ability to effectively assign tasks, review work quality, and develop
the skills of team members to ensure scalable client delivery.
Communication: Exceptional presentation and writing skills; capable of delivering
executive-level briefings and detailed compliance reports.
Job ID: 150854521
We don’t charge any money for job offers