Experience Required:

Proven experience in Information Security GRC within the NBFC sector. Strong knowledge of RBI guidelines, ISO 27001, NIST, DPDP frameworks, and submission requirements. Expertise in regulatory compliance, audit management, risk tracking, and process improvement. Proficiency in preparing detailed reports, presentations, and stakeholder communication. Familiarity with automation tools for GRC processes. Excellent analytical, organizational, and communication skills. Ability to manage multiple priorities in a fast-paced environment.

Key Responsibilities:

RBI Compliance:

Collect, analyze, and validate data for RBI submissions. Maintain KRIs, perform trend analysis, track improvement plans, and ensure timely communication and submissions.

Audit Support:

Manage audit calendar, kickoff meetings, and evidence collection. Track findings to closure, perform RCA, and implement improvement plans.

Regulatory Advisory:

Monitor regulatory updates, perform impact analyses, update tracking sheets, and prepare responses. Escalate issues and provide periodic regulatory reporting.

Gap Analysis Tracking:

Track and close action points from ISO 27001, NIST, and DPDP gap analyses. Collaborate on compliance improvements and report unresolved issues.

Management Reporting:

Prepare Board, RMC, and CRO presentations. Track action items, escalate issues, and share updates with stakeholders.

Risk Management:

Update and monitor the risk register. Conduct control testing and report outcomes.

Process Management:

Develop, review, and update SOPs. Ensure communication, implementation, and archival.

Automation:

Manage automation initiatives for GRC processes. Oversee testing, implementation, and progress reporting.