Senior Associate - Information Security & GRC
Department: Information Security
Location: Gurgaon
Job Summary
- Multi-Standard Compliance: Maintain, upgrade, and support compliance frameworks for ISO 27001:2022 (ISMS), ISO 22301:2019 (BCMS), and ISO 42001:2023 (AIMS).
- SOC Reporting: Coordinate and gather evidence for the annual SOC 1 and SOC 2 Type II examinations, ensuring that SOC 2 controls are mapped to the applicable Trust Services Criteria and that SOC 1 controls support the defined control objectives.
- Risk Assessments: Conduct comprehensive InfoSec risk assessments across infrastructure, applications, and business processes. Maintain the corporate Risk Register.
- Business Impact Analysis (BIA): Lead organizational BIAs to identify critical business functions, determine RTOs/RPOs, and align them with disaster recovery plans.
- Mitigation Tracking: Partner with engineering, IT, and legal teams to design, implement, and validate risk remediation controls.
- Functional Objectives: Define, track, and report on departmental security metrics and KPIs to measure compliance health and performance.
- Management Review Meetings (MRMs): Schedule, organize, and compile data for periodic MRMs. Present compliance trends, audit findings, and risk status to executive leadership.
- Internal Audits: Plan, scope, and execute internal audits to identify control gaps and operational inefficiencies.
- External Audit Facilitation: Act as the primary point of contact for external auditors during formal certification and surveillance audits.
- Corrective Actions: Formulate corrective and preventive action (CAPA) plans for audit findings and track them through to closure.
- System Configuration: Act as the internal Archer Administrator to configure applications, workflows, fields, data-driven events, and access control rights.
- Dashboarding & Reporting: Create custom reports, notification templates, and real-time dashboards for leadership visibility.
- Data Integration: Manage data feeds and integrations between Archer and other internal IT/Security tools.
- Security Questionnaires: Own the end-to-end process of responding to incoming client security questionnaires, RFPs, and due diligence assessments.
- Trust & Transparency: Articulate the company's security posture and compliance status clearly to external client procurement and security teams.
- Training Delivery: Design, update, and deliver modern Information Security and Privacy awareness training for new hires and existing staff.
Requirements
- Experience: 3 to 6 years of direct experience in IT compliance, information security auditing, or GRC consulting.
- Standard Mastery: Proven hands-on experience executing audits for ISO 27001 and SOC 2. Exposure to or foundational knowledge of ISO 42001 (AI management systems) is highly desirable.
- GRC Automation: Minimum 1–2 years of practical experience managing and configuring the RSA Archer platform.
- Core Concepts: Strong grasp of network security, access controls, encryption, data privacy regulations, and business continuity strategies.
Disclaimer: The above job description serves as an informative reference for the tasks you may be required to perform. It does not form part of your employment agreement and is subject to periodic modification as circumstances evolve.
Please Note: We appreciate the accuracy and authenticity of the information you provide, as it plays a key role in your candidacy. As part of the Background Verification Process, we may verify your employment, education, and other details. Please ensure all information is factual and submitted on time. For any assistance, your recruiter is available to support you.