
Job Description

Summary:

The Lead GRC Engineer is a strategic and execution-focused governance, risk, and compliance professional responsible for advancing key programs across PCI-DSS compliance, third-party risk management, policy governance, enterprise risk management, and security awareness. This role drives PCI audit readiness and execution, leads vendor due diligence and risk assessments, maintains cybersecurity policies and standards, coordinates phishing simulation initiatives, and supports compliance reporting and remediation activities. The position requires strong operational discipline, cross-functional partnership, and the ability to translate complex regulatory requirements into actionable business practices.

Primary Job Functions:

  • Leading PCI-DSS audit readiness with QSAs, evidence collection, and sustained compliance. Strengthening enterprise risk management with NIST RMF & ISO 27005, delivering actionable insights to leadership.
  • Executing third-party risk management with vendor due diligence, remediation tracking, and risk register maintenance.
  • Driving policy governance by aligning cybersecurity policies with business and regulatory needs. Elevating security awareness through phishing simulations, targeted education, and compliance training.
  • Partnering cross-functionally across India GCC & US operations to resolve complex GRC matters.

Knowledge, Skills and Abilities:

  • Strong knowledge of risk management methodologies, governance frameworks, control processes, and industry-standard GRC practices.
  • Demonstrated expertise across compliance and cybersecurity domains.
  • Proven success supporting at least 4 to 5 PCI audits through successful completion.
  • Experience executing and reviewing annual vendor risk assessments for 30 or more vendors using platforms such as OneTrust, RSA Archer, ServiceNow GRC, or similar tools.
  • 8 or more years of experience working with enterprise GRC platforms such as ServiceNow GRC, RSA Archer, MetricStream, or equivalent solutions.
  • Strong experience developing and maintaining cybersecurity policies, standards, and procedures.

Experience: 9–13 years of progressive experience in GRC and cybersecurity, with hands-on expertise in PCI-DSS, third-party risk management, and policy governance.

Education: Bachelor's degree in Information Security, Computer Science, Information Technology, or a related discipline required; equivalent relevant experience may be considered.

Licenses or Certifications: At least one relevant industry certification, such as ISO 27001 Lead Auditor, CRISC, or CISSP, required.

If you feel you have the necessary skill sets and are passionate about the job, please send your profile to [Confidential Information]


Job ID: 149058619