Bayt.com

Submitting more applications increases your chances of landing a job.

Here’s how busy the average job seeker was last month:

Opportunities viewed

Applications submitted

Keep exploring and applying to maximize your chances!

Looking for employers with a proven track record of hiring women?

Click here to explore opportunities now!
We Value Your Feedback

You are invited to participate in a survey designed to help researchers understand how best to match workers to the types of jobs they are searching for

Would You Be Likely to Participate?

If selected, we will contact you via email with further instructions and details about your participation.

You will receive a $7 payout for answering the survey.


User unblocked successfully
https://bayt.page.link/bUtMp4FCPAGYFFxv9
Back to the job results

GRC Lead

30+ days ago 2026/07/25
Other Business Support Services
Create a job alert for similar positions
Job alert turned off. You won’t receive updates for this search anymore.
Undo

Job description

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!


Job Description: GRC Lead


Role Title: Governance, Risk & Compliance (GRC) Lead
Department: Security Operations- Governance, Risk and Compliance (GRC)
Reporting To: Manager – GRC
Location: Pune (Hybrid)


Experience: 8–10 years


Role Type: Full‑time


Role Overview


The GRC Lead is responsible for establishing, leading, and continuously improving the organization’s Governance, Risk, and Compliance framework across technology, information security, and business operations. This role ensures alignment with regulatory requirements, industry standards, and organizational risk appetite while enabling business growth and resilience.


The GRC Lead partners closely with technology, security, legal, compliance, internal audit, procurement, and business stakeholders to proactively identify, assess, mitigate, and monitor risks, including third‑party, cyber, regulatory, and operational risks.


Key Responsibilities


Governance & Policy Management


  • Define and maintain enterprise‑level GRC frameworks, policies, standards, and procedures
  • Establish governance structures for risk ownership, escalation, and decision‑making
  • Ensure alignment between business objectives, risk appetite, and control frameworks
  • Drive security and risk awareness across the organization

Risk Management


  • Lead the enterprise and technology risk assessment lifecycle (identification, assessment, treatment, monitoring)
  • Own risk registers and ensure risks are tracked, reviewed, and mitigated effectively
  • Support risk quantification and scenario analysis where applicable
  • Report risk posture to senior leadership and governance committees
  • Integrate risk management into SDLC, cloud adoption, and digital initiatives

Compliance & Assurance


  • Ensure compliance with applicable laws, regulations, and standards, such as:
    • ISO 27001 / ISO 27701
    • NIST CSF / NIST 800‑53
    • SOC 1 / SOC 2
    • GDPR, DPDP Act, HIPAA, PCI DSS (as applicable)
  • Coordinate internal and external audits; manage audit responses and remediation
  • Maintain compliance evidence and documentation
  • Track regulatory changes and assess business impact

Third‑Party & Vendor Risk Management


  • Design and operate the Third‑Party Risk Management (TPRM) program
  • Conduct vendor risk assessments, including cybersecurity, operational, and data privacy risks
  • Partner with procurement, legal, and business owners on onboarding and renewals
  • Monitor critical vendors and ensure remediation of identified issues

Metrics, Reporting & Continuous Improvement


  • Define and track GRC KPIs and KRIs
  • Develop dashboards and executive‑level risk reports
  • Mature GRC processes through automation and GRC tooling
  • Benchmark program maturity against industry best practices

Leadership & Stakeholder Management


  • Act as a trusted advisor to executive leadership and business teams
  • Lead and mentor GRC analysts and specialists (if applicable)
  • Influence without authority across technical and non‑technical teams

Required Qualifications


Education


  • Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, Law, or related field
  • Master’s degree preferred

Experience


  • 8–12+ years of experience in GRC, technology risk, cybersecurity, or compliance
  • Proven experience leading or managing enterprise‑scale GRC programs
  • Hands‑on experience with audits, risk assessments, and regulatory engagements
  • Experience working with global or regulated environments preferred

Technical & Professional Skills


  • Strong knowledge of:
    • IT risk, cybersecurity risk, and control frameworks
    • Regulatory compliance and audit practices
    • Third‑party risk management
  • Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, MetricStream, OneTrust)
  • Ability to translate technical risks into business impact
  • Excellent written and verbal communication skills
  • Strong stakeholder management and influencing skills

Certifications (Preferred)


  • CRISC, CISA, CISM
  • ISO 27001 Lead Implementer / Lead Auditor
  • CISSP (desirable)
  • FAIR or risk quantification certifications (optional but valued)
This job post has been translated by AI and may contain minor differences or errors.
Apply on company site Email to Friend Complete Questionnaire
You’ve reached the maximum limit of 15 job alerts. To create a new alert, please delete an existing one first.
MANAGE
Job alert created for this search. You’ll receive updates when new jobs match.
Manage alerts
Are you sure you want to unapply?

You'll no longer be considered for this role and your application will be removed from the employer's inbox.