Search by job, company or skills

Crystal Peak

Manager Security Governance, Risk & Compliance (GRC)

Save
  • Posted 2 hours ago
  • Be among the first 10 applicants
Early Applicant

Job Description

Location: Bangalore / Pune (Hybrid)

Budget: Upto INR 30 lacs

About the Role:

We are seeking an experienced Manager – Security Governance, Risk & Compliance (GRC) to lead and strengthen our client's cybersecurity governance framework, enterprise risk management, and regulatory compliance programs. The successful candidate will work closely with business, technology, and security stakeholders to ensure security risks are effectively identified, assessed, governed, and mitigated while maintaining compliance with global standards and regulatory requirements.

Key Responsibilities:

Security Governance

  • Develop, maintain, and continuously improve the organization's Information Security Governance framework.
  • Define and manage security policies, standards, procedures, and guidelines aligned with business objectives.
  • Monitor the effectiveness of governance processes and drive continuous improvement.
  • Prepare governance metrics, dashboards, and executive reports for senior leadership and steering committees.

Risk Management

  • Lead enterprise cyber risk assessments across business units, applications, cloud environments, and third-party ecosystems.
  • Establish and maintain the cybersecurity risk register.
  • Perform risk analysis, impact assessments, and recommend mitigation strategies.
  • Facilitate risk acceptance and exception management processes.
  • Collaborate with technology and business teams to ensure timely remediation of identified risks.

Compliance & Regulatory Management

  • Ensure compliance with industry standards and regulations such as:
  • ISO 27001
  • NIST Cybersecurity Framework
  • CIS Controls
  • SOC 2
  • GDPR
  • PCI DSS (where applicable)
  • DORA / NIS2 (preferred)
  • Coordinate internal and external security audits.
  • Manage compliance assessments and remediation programs.
  • Track regulatory changes and assess organizational impact.

Security Awareness & Governance Programs

  • Drive enterprise-wide security governance initiatives.
  • Support security awareness and policy communication programs.
  • Collaborate with internal audit, legal, privacy, and enterprise risk functions.

Stakeholder Management

  • Partner with Cyber Defense, Security Architecture, Infrastructure, Cloud, Data Protection, and Business teams.
  • Present governance updates, compliance status, and risk posture to senior leadership.
  • Influence security decisions across cross-functional teams.

Required Qualifications

  • Bachelor's degree in computer science, Information Security, Engineering, or related field.
  • 8 to 12 years of experience in Information Security, Cybersecurity Governance, Risk Management, or Compliance.
  • Strong understanding of enterprise security governance frameworks.
  • Experience managing enterprise risk and compliance programs.
  • Hands-on knowledge of:
  • ISO 27001
  • NIST CSF
  • CIS Controls
  • Risk Management methodologies
  • Security policies and standards
  • Experience supporting security audits and regulatory assessments.
  • Excellent stakeholder management and communication skills.
  • Strong analytical and problem-solving capabilities.

More Info

About Company

Job ID: 151064203

Similar Jobs

Bengaluru, India

Skills:

policy compliance Iso 27001Risk ManagementNIST CSFCobit

Bengaluru, India

Skills:

Iso 27001NIST CSF 2.0Risk management frameworksBFSI compliance frameworksProgram managementSecurity AuditsSOC 2Data privacy laws