Job description
This role is for one of Weekday's clients.
Min Experience: 4 years
Location: Telangana
JobType: full-time
We are looking for a detail-focused GRC & Data Privacy Analyst to become a member of our security team.
In this position, you will oversee the upkeep of our integrated risk management framework and play a key role in executing and auditing our data privacy program.
You will ensure that our operations comply with international regulations (such as GDPR, PDPA, etc.) while identifying and addressing risks throughout the organization.
Key Responsibilities
Governance & Risk Management
Framework Alignment: Oversee and enhance the organization’s security framework, including standards such as ISO 27001, SOC 2, and Singapore MAS.
Risk Assessments: Perform annual and project-specific risk assessments; maintain the Corporate Risk Register and monitor remediation activities.
Policy Management: Create, review, and update internal security policies and standards to ensure they accurately represent current business practices.
Third-Party Risk Management (TPRM): Assess the security posture of vendors and partners through thorough assessments and due diligence processes.
Data Privacy Implementation
Privacy Impact Assessments (PIAs/DPIAs): Lead evaluations of new products or processes to ensure "Privacy by Design" is embedded within the development lifecycle.
Data Mapping: Maintain detailed records of processing activities (ROPA) and create data flow diagrams.
Privacy Operations: Oversee the Data Subject Access Request (DSAR) process and manage responses to privacy-related inquiries.
Compliance Monitoring: Keep track of global privacy law changes and translate these into actionable technical or procedural requirements for IT and Product teams.
Compliance & Auditing
Internal Audits: Conduct regular control testing to confirm ongoing adherence to internal policies and external regulations.
External Audit Liaison: Act as the main contact for external auditors throughout certification cycles.
Awareness Training: Design and deliver training programs on security best practices and data handling protocols for all employees.
Required Qualifications
Experience: 4 to 6 years in GRC, Information Security, or IT Audit, with a minimum of 1 to 2 years focused specifically on Data Privacy.
Certifications (Preferred): CISA, CRISC, or CISM.
Technical Skills: Proficiency with GRC tools like Sprinto and a strong understanding of cloud security platforms such as AWS.
Regulatory Knowledge: Comprehensive knowledge of GDPR, PDPA, and standards including ISO 27001, SOC 2, and Singapore MAS.
Soft Skills for Success
The "Translator" Ability: Skilled at interpreting complex legal requirements for developers and conveying technical risks to executives.
Analytical Rigor: Detail-oriented with a passion for documentation and a "trust but verify" approach.
Adaptability: Comfortable operating within the uncertainties of evolving privacy legislation.
Must-have skills
ISO 27001
GRC
Good-to-have skills
Information Security
General Data Protection Regulation - GDPR
This job post has been translated by AI and may contain minor differences or errors.