Job Summary:
The L2 Security Specialist - GRC - will take a proactive role in implementing, managing and improving the automated GRC solution and improving the risk & compliance posture. This role involves deeper technical knowledge, GRC tool management, and driving risk and compliance programs using an automated GRC solution.
Key Responsibilities:
- Perform Data Discovery & Classification to enforce data protection policies.
- Able to configure, implement and manage GRC solution i.e RSA Archer.
- Hands on experience in RSA Archer especially the GRC modules.
- Develop, review & maintain information security policies & procedures in GRC Tool (RSA Archer).
- Track Policy compliance across business & IT units using RSA Archer.
- Knowledge of RBI Master directions, SEBI CSCRF, DPDP Act, PCI-DSS, ISO 27001, ISO 22301, NIST CSF and various other standards & regulations.
- Lead IT Governance, Risk & Compliance (GRC) initiatives.
- Track compliance with regulations and standards, manage audit findings and remediation actions, evaluate the effectiveness of internal controls, identify compliance gaps and remediation plans and assess the impact of new or modified regulations.
- Ability to perform Risk assessments and maintain risk register and align IS Risks with Enterprise risk management.
- Evaluate potential risks, provides a centralized view of identified risks, their impact, and mitigation plans, monitor critical risk metrics and assess the effectiveness of risk mitigation strategies.
Required Skills & Qualifications:
- 5 years of experience in Information Security and GRC.
- Hands-on experience with automated GRC tools specially RSA Archer.
- Strong knowledge of RSA Archer.
- Experience in GRC frameworks (ISO 27001, NIST, RBI, SEBI CSCRF, DPDP, PCI DSS etc).
- Familiarity with banking and fintech environment, RBI Cybersecurity Audits, incident response, and threat intelligence.
- Certifications like CISSP, CISM, ISO 27001, CISA etc are preferred.
