ALTEN Calsoft Labs

Information Security Manager

  • Posted a day ago

Job Description

GRC Asst. Manager (Information Security), 8–15 Years Role

Title: GRC Asst. Manager – Information Security

Experience: 8–15 Years

Location: Chennai

Job Purpose: The GRC Manager (Information Security) will lead the organization's Governance, Risk, and Compliance (GRC) function, ensuring alignment with security policies, regulatory requirements, and client expectations.

This role will play a critical part in risk management, vendor security assessments, secure development oversight, audit management, and security governance.

Key Responsibilities:

Lead and manage the Information Security GRC program.

Define, implement, and maintain security policies, standards, and frameworks.

Conduct and oversee risk assessments, including third-party/vendor risk reviews.

Work closely with Delivery, IT, and all support function teams to ensure compliance with CIS hardening and security controls.

Manage client security due diligence questionnaires (DDQs) and audits.

Support internal and external audits (ISO 27001, SOC, client audits).

Identify security gaps and drive remediation with relevant stakeholders.

Oversee security awareness, training, and compliance initiatives.

Collaborate with Incident Response, Vulnerability Management, and Security Operations teams.

Act as a primary point of contact for security governance matters.

Lead and oversee information security coding-based audits in partnership with the Project Delivery team.

Conduct project SSDLC audits; review secure coding controls, SDLC practices, and evidence of security integration in projects.

Provide governance inputs to improve secure development practices across projects.

Required Skills & Experience:

8–10 years of experience in Information Security, GRC, or Risk Management.

Strong knowledge of ISO 27001, NIST, CIS controls, and risk frameworks.

Experience handling client audits and compliance reviews.

Familiarity with Secure SDLC and secure coding governance.

Strong communication and presentation skills.

Preferred Qualifications:

CISM, CRISC, CISSP, or ISO 27001 Lead Auditor or Implementer certification.

Experience in IT services, engineering, or cybersecurity environments.

Job ID: 149363735