Mumbai
7 days ago
GRC Specialist

We are seeking an Information Security GRC Specialist with 3–4 years of experience in Governance, Risk, and Compliance (GRC) within the NBFC sector. The ideal candidate will have strong knowledge of regulatory frameworks and guidelines, hands-on experience in compliance management, and excellent skills in reporting, stakeholder communication, and process improvement.

Key Skills & Experience

3–4 years of experience in Information Security GRC within the NBFC sector. Strong knowledge of RBI guidelines, ISO 27001, NIST, DPDP frameworks, and submission requirements. Expertise in regulatory compliance, audit management, risk tracking, and process improvement. Proficiency in preparing detailed reports, dashboards, and stakeholder presentations. Familiarity with automation tools for GRC processes. Strong analytical, organizational, and communication skills. Ability to manage multiple priorities in a fast-paced environment.

Key Responsibilities

1. RBI Compliance

Collect, analyze, and validate data for RBI submissions. Maintain KRIs, perform trend analysis, track improvement plans, and ensure timely submissions.

2. Audit Support

Manage the audit calendar and kickoff meetings. Oversee evidence collection, track findings to closure, perform RCA, and implement improvement plans.

3. Regulatory Advisory

Monitor regulatory updates, perform impact analyses, and maintain tracking sheets. Prepare and submit responses, escalate issues, and provide periodic regulatory reporting.

4. Gap Analysis Tracking

Track and close action points from ISO 27001, NIST, and DPDP gap analyses. Collaborate on compliance improvements and escalate unresolved issues.

5. Management Reporting

Prepare presentations for the Board, RMC, and CRO. Track action items, escalate issues, and ensure timely updates to stakeholders.

6. Risk Management

Update and monitor the risk register. Conduct control testing and report outcomes.

7. Process Management

Develop, review, and update SOPs, ensuring proper communication and archival.

8. Automation

Manage automation initiatives, including testing, implementation, and reporting progress.

 

 
