[Hiring] GRC Analyst @Digitap.ai

Role Description

We are seeking a motivated and skilled GRC professional to join our team. As a GRC Analyst, you will be responsible for managing cybersecurity risks, conducting compliance assessments, and implementing security policies based on industry’s best practices, including ISO 27001/22301 and RBI/SEBI guidelines. This role offers an excellent opportunity to build and enhance your skills in the rapidly evolving field of cybersecurity governance, risk management, and compliance.

• Compliance & Regulatory Oversight: Ensure compliance with applicable laws and regulations, such as RBI/SEBI cybersecurity guidelines, GDPR, DPDP and other local and international frameworks.
• Risk Management: Assist in conducting risk assessments to identify, evaluate, and prioritize risks related to information security and business operations.
• Audit Support: Support internal and external audits by preparing documentation, coordinating audit activities, and ensuring compliance with cybersecurity policies and standards.
• Cybersecurity Program Management: Work closely with IT, legal, and other stakeholders to integrate cybersecurity risk management into business processes, ensuring alignment with organizational goals.
• Policy Development & Training: Contribute to the development of information security policies, procedures, and guidelines, and assist in delivering training programs to raise awareness of security best practices across the organization.
• Continuous Improvement: Collaborate with various teams to assess the effectiveness of existing controls and propose improvements to enhance the organization's cybersecurity posture.
• Reporting & Documentation: Maintain clear and comprehensive documentation of risk assessments, compliance activities, audits, and incident reports to provide transparency to senior leadership and regulatory bodies.

Qualifications

• 2-5 years of hands-on experience in Governance, Risk, and Compliance (GRC) roles.
• Good understanding of information security principles, controls, and risk management methodologies, compliance and audits.
• Hands-on experience of implementing two or more standards such as ISO 27001/2, ISO22301, SOC2, PCI DSS, NIST standards on Cyber Security, HITRUST, DPDP, HIPAA, GDPR etc.
• Third-party Risk Management (TPRM).
• Strong analytical skills and attention to detail in identifying security vulnerabilities and assessing compliance gaps.
• Excellent written and verbal communication skills to prepare reports and deliver presentations.
• Cloud Expertise (AWS/Azure/GCP).
• Security Certifications are preferred.