GRC Analyst / Senior GRC Analyst
Full Job Description
Role Summary:
Astra Cybertech Pvt. Ltd. is seeking a skilled GRC Analyst or Senior GRC Analyst to lead and execute critical cybersecurity, privacy, and governance engagements. This role involves working across multiple domains, including adherence to ISO frameworks, navigating regulatory compliance mandates from bodies like RBI, SEBI, and IRDAI, and managing third-party risk. The ideal candidate will be instrumental in assessing, designing, and implementing effective information security controls that align with both global best practices and specific client requirements in Mumbai, Maharashtra.
Key Responsibilities
Cybersecurity Governance & Risk
- Lead end-to-end ITGC, cybersecurity, privacy, and third-party risk audits.
- Define and enhance existing governance, risk, and compliance frameworks.
- Ensure alignment with key regulatory and industry standards, including RBI, SEBI, IRDAI, GDPR, and ISO 27001.
- Conduct thorough cybersecurity gap and risk assessments to identify control weaknesses and proactively mitigate threats.
- Design, develop, and maintain robust information security frameworks, adhering to ISO 27001 and other international standards.
- Perform maturity assessments and contribute to the development of comprehensive cybersecurity strategies and roadmaps.
- Lead engagements across cybersecurity domains and frameworks such as NIST, BCP, ISO 27001, SSAE 18, ISAE 3402, and SOC 2.
Privacy & Compliance
- Develop and review privacy frameworks and processes aligned with GDPR and GAPP principles.
- Conduct assessments for data privacy and business continuity compliance.
- Ensure strict adherence to regulatory requirements across BFSI regulators, including RBI, SEBI, and IRDAI.
- Perform SEBI-mandated CSCRF and System Audits, ensuring compliance with cybersecurity framework requirements for intermediaries.
- Implement and manage Outsourcing Governance frameworks in accordance with RBI and SEBI guidelines, covering risk evaluation, vendor due diligence, and control testing.
- Conduct System and Application Audits focusing on ITGC, cybersecurity controls, and data integrity validation.
- Lead compliance reviews under RBI’s Cybersecurity Framework, IRDAI Information & Cyber Security Guidelines, and other relevant regulatory circulars.
- Assist clients in preparing for regulatory inspections, submissions, and board-level reporting.
Consulting & Client Delivery
- Manage client engagements from planning and execution to final reporting.
- Contribute to proposal development, client presentations, and thought leadership initiatives.
- Support clients in enhancing their cybersecurity posture and implementing effective risk mitigation strategies.
Leadership & Collaboration
- Lead project teams, ensuring the delivery of high-quality results.
- Coordinate with cross-functional teams to drive compliance and cybersecurity initiatives.
- Mentor junior consultants and contribute to internal capability development.
Skills & Experience:
- Strong understanding of cybersecurity, IT governance, and technology risk management.
- Hands-on experience with ISO 27001, ISO 42001, ISO 22301, ISO 27701 frameworks, and regulatory audits.
- Exposure to third-party risk management and business continuity planning.
- Excellent communication, problem-solving, and stakeholder management skills.
- Consulting experience is highly preferred.
Qualifications:
- Certifications (Preferred): ISO 27001 LA, ISO 22301, ISO 27701, CISSP, CISA.
- Experience: 3-5 years in cybersecurity, governance, risk, or compliance domains.
- Availability: Immediate joiners are preferred.
Company
Astra Cybertech Pvt. Ltd.
Astra Cybertech Pvt. Ltd. is a dynamic technology firm specializing in cybersecurity solutions. Located in Mumbai, Maharashtra, the company is dedicated to safeguarding digital assets and ensuring rob...