
Governance, Risk, and Compliance (GRC) Specialist

Full Time

Client of QUIKIT Jobs

Key Responsibilities:

· GRC Strategy and Planning:

· Develop and implement comprehensive GRC strategies, policies, and procedures aligned with organizational goals and objectives.

· Define and prioritize GRC initiatives based on risk assessments, regulatory requirements, and industry best practices.

· Continuously evaluate and update GRC frameworks to adapt to evolving threats and compliance landscapes.

· Risk Management:

· Conduct risk assessments to identify, analyze, and prioritize risks across the organization.

· Develop risk mitigation strategies and controls to address identified risks effectively.

· Monitor and report on risk exposure and mitigation efforts to senior management and stakeholders.

· Compliance Management:

· Ensure compliance with relevant laws, regulations, and industry standards, such as GDPR, HIPAA, and PCI DSS.

· Monitor changes in regulatory requirements (e.g., SEBI, RBI, IRDAI) and assess their impact on the organization’s compliance posture.

· Coordinate compliance audits, assessments, and certifications, and remediate any identified issues or deficiencies.

· Audit Management:

· Plan, coordinate, and oversee internal and external audit activities, including IT audits, compliance audits, and third-party audits.

· Develop audit plans, programs, and testing procedures to assess the effectiveness of controls and compliance with policies and regulations.

· Review audit findings, assess control deficiencies, and collaborate with stakeholders to develop and implement remediation plans.

· Monitor and track the progress of audit remediation efforts and report on the status to senior management and audit committees.

· Policy Development and Enforcement:

· Develop, review, and update information security policies, standards, and guidelines in alignment with regulatory requirements and industry best practices.

· Establish mechanisms for policy enforcement and monitor adherence to policies across the organization.

· Cross-Functional Collaboration:

· Collaborate with internal stakeholders, including IT, legal, finance, and operations, to integrate GRC principles into business processes and initiatives.

· Provide guidance and support to business units on GRC-related matters, including risk assessments, compliance requirements, and controls implementation.

· Training and Awareness:

· Develop and deliver GRC training programs and awareness campaigns to educate employees on their roles and responsibilities in maintaining compliance and managing risks.

· Foster a culture of compliance and risk awareness throughout the organization.

Qualifications and Skills:

· Bachelor’s degree in Information Security, Risk Management, Business Administration, or a related field. Master’s degree or relevant certifications (e.g., CISA, CISSP, CRISC, CISM) preferred.

· Minimum of 5 years of experience in governance, risk, and compliance roles, with a focus on information security and IT risk management, including audit management experience.

· Strong understanding of regulatory requirements and industry standards related to information security and data privacy (e.g., GDPR, HIPAA, ISO 27001).

· Proficiency in audit methodologies, risk assessment frameworks, compliance frameworks, and control frameworks (e.g., NIST Cybersecurity Framework, COBIT), as well as IT service management practices (e.g., ITIL).

· Excellent analytical, problem-solving, and decision-making skills.

· Effective communication and interpersonal skills, with the ability to collaborate with diverse stakeholders and influence change.

· Proven track record of leading GRC initiatives, conducting audits, and driving process improvements.

· Ability to work independently and manage multiple priorities in a fast-paced environment.
