
-Role Overview
The IT GRC resource will be responsible for supporting and strengthening the organization's IT Governance, Risk Management, and Compliance framework in line with RBI regulations, internal policies, and industry best practices. The role involves close coordination with IT, Information Security, Risk, Audit, and Business teams to ensure a strong control environment.
-Key Responsibilities
IT Governance & Policy Management
Support development, review, and maintenance of IT policies, SOPs, and standards aligned with RBI Master Directions, ISO 27001, and internal governance frameworks
Ensure policy dissemination, employee awareness, and compliance tracking
IT Risk Management
Perform IT Risk Assessments (inherent & residual risk) for applications, infrastructure, vendors, and processes
Maintain and update IT Risk Register and track risk mitigation plans
Support risk reporting to senior management and committees
Regulatory & Compliance Management
Support compliance with RBI guidelines including:
IT Framework for Banks / NBFCs
Cyber Security Framework
Outsourcing & Third-Party Risk guidelines
Track regulatory circulars, advisories, and compliance obligations
Coordinate regulatory inspections and supervisory submissions
Audit & Assurance Support
Act as SPOC for Internal Audit, IS Audit, Concurrent Audit, and RBI Inspection observations related to IT
Track audit issues, validate closure evidence, and monitor timelines
Support audit planning and walkthroughs
Information Security & Controls
Assist in defining and monitoring IT General Controls (ITGCs)
Support access reviews, change management controls, DR/BCP testing, and log monitoring
Work closely with Infosec teams on control design and effectiveness
Vendor & Third-Party Risk
Support IT vendor risk assessments, due diligence, and periodic reviews
Ensure compliance with outsourcing and data security requirements
-Required Skill Sets
-Domain & Regulatory Knowledge
Strong understanding of Banking / NBFC IT environment
Working knowledge of RBI regulations, circulars, and supervisory expectations
Familiarity with IT audits and regulatory inspections
-GRC & Frameworks
Knowledge of one or more frameworks:
ISO 27001 / ISO 22301
COBIT
NIST / ITIL (basic understanding)
Understanding of IT Risk, ITGCs, and control testing
-Technical & Functional Skills
Understanding of core banking systems, digital channels, and IT infrastructure
Exposure to IAM, DR/BCP, patching, vulnerability management, and change management
Ability to interpret technical controls from a risk and compliance perspective
-Tools & Documentation
Experience with GRC tools (Archer, ServiceNow GRC, MetricStream, or similar) is a plus
Strong documentation, reporting, and MIS skills
Proficient in MS Excel, PowerPoint, and Word
-Soft Skills
Strong analytical and problem-solving skills
Good communication and stakeholder management skills
Ability to work with cross-functional teams and auditors
High attention to detail and compliance mindset
-Preferred Qualifications
Bachelor's degree in IT / Computer Science / Engineering
Certifications (preferred, not mandatory):
CISA / CISM
ISO 27001 Lead Implementer / Auditor
CRISC
-Ideal Candidate Profile
Hands-on exposure in a bank, NBFC, or IT audit/consulting firm serving BFSI clients
Comfortable balancing regulatory rigor with practical business realities
Proactive, structured, and audit-ready mindset
Job ID: 144661155