GRC Lead
Mumbai, Maharashtra, India
Weekday
At Weekday, we help companies hire engineers who are vouched for by other software engineers. We are enabling engineers to earn passive income by leveraging and monetizing the unused information in their heads about the best people they have worked... This role is for one of Weekday's clients.
Min Experience: 9 years
Location: Mumbai
JobType: full-time
We are seeking an experienced and highly motivated GRC (Governance, Risk & Compliance) Lead to join our IT Security team. The ideal candidate will have a deep understanding of industry-standard frameworks such as ISO 27001 and the NIST Cybersecurity Framework, a solid grounding in IT GRC practices, and hands-on experience as a GRC Consultant. This role will be pivotal in driving our organization's risk and compliance posture and ensuring alignment with regulatory and corporate requirements.
Requirements
Key Responsibilities
- Governance, Risk, and Compliance Leadership: Lead and manage the IT GRC function, ensuring proper governance structures, policies, and controls are in place to support enterprise security and compliance objectives.
- Framework Implementation: Implement and maintain compliance frameworks including ISO 27001 and the NIST Cybersecurity Framework. Ensure all policies, processes, and controls are mapped to and aligned with these standards.
- Risk Management: Identify, evaluate, and mitigate risks across IT systems, infrastructure, and business operations. Oversee the creation and execution of risk treatment plans and risk registers.
- Security Policy & Process Development: Develop, update, and enforce IT security policies, standards, and procedures. Conduct periodic internal audits to verify that controls are operating as designed and that the organization remains compliant.
- IT GRC Tools & Technology: Utilize GRC platforms and tools to automate and streamline compliance monitoring, reporting, and risk management processes.
- Internal & External Audit Support: Act as the primary point of contact for audits. Coordinate and facilitate IT audits and assessments, including evidence gathering and gap remediation planning.
- Awareness & Training: Conduct training and awareness programs for teams on GRC best practices, policies, and regulatory requirements.
- Stakeholder Engagement: Collaborate with cross-functional teams including Legal, Risk, IT, and Business to ensure comprehensive GRC integration across the organization.
Required Skills and Qualifications
- 9–17 years of experience in Governance, Risk, and Compliance, with a strong focus on IT Security.
- Expertise in implementing and maintaining ISO 27001 and the NIST Cybersecurity Framework.
- Proven experience in an IT GRC or GRC Consultant role, preferably in a mid to large-sized enterprise or consulting environment.
- Deep understanding of IT security principles, risk assessment methodologies, and control frameworks.
- Strong analytical and problem-solving skills with a proactive and risk-based approach.
- Experience with GRC platforms such as RSA Archer, ServiceNow GRC, or similar tools is a plus.
- Excellent communication, documentation, and presentation skills.
- Relevant certifications such as CISA, CISM, CRISC, or ISO 27001 Lead Implementer/Auditor will be considered a strong advantage.