Job Description

Job Title: Cyber Security & GRC Specialist (Individual Contributor)
Experience: 4+ Years
Location: Bangalore

About the Company:
Our client is a product-focused organization founded by experienced technocrats with over 14 years of collaboration and a combined industry experience of 100+ years. With strong domain expertise in the Infrastructure & Operations space, it has built a robust presence across India and international markets. The company offers a comprehensive portfolio of integrated IT solutions designed to simplify and automate complex IT environments. Its solutions empower enterprises to improve operational efficiency and deliver superior services to end users.


We are looking for a hands-on Cyber Security & GRC Specialist who will independently build and manage the organization’s security governance, risk, and compliance (GRC) framework from scratch.This is a high-ownership role where the selected candidate will be responsible for establishing security policies, driving compliance initiatives (ISO 27001, SOC 2), implementing technical security controls, and managing end-to-end security operations without an existing team.

Key Responsibilities:

1. GRC & Compliance (Primary Focus)

• Build the organization’s GRC framework from ground up.
• Design and implement ISMS aligned with ISO 27001.
• Lead ISO 27001 / SOC 2 readiness and certification process.
• Develop and document security policies, SOPs, and procedures.
• Conduct risk assessments, maintain risk register, and perform gap analysis.
• Drive internal and external audits independently.
• Ensure ongoing compliance monitoring and evidence management.

2. Cloud & Network Security

• Implement and manage AWS security best practices.
• Configure and manage: IAM,KMS,GuardDuty,CloudTrail,WAF (Mandatory)
• Secure VPC configurations and encryption standards.
• Oversee secure architecture review with DevOps teams.

3. VAPT & Threat Management (Mandatory)

• Conduct / coordinate Vulnerability Assessment & Penetration Testing (VAPT).
• Manage remediation tracking and closure.
• Implement WAF policies and rule tuning.
• Set up basic SOC monitoring processes and incident response workflows.
• Perform root cause analysis for security incidents.

4. Security Operations

• Implement and manage: SIEM tools,IDS/IPS,Endpoint security solutions
• Develop incident response playbooks.
• Support business continuity and disaster recovery planning.

Required Skills:

• 4–5 years in Cyber Security roles.
• Strong hands-on experience in GRC & Compliance implementation
• Strong hands-on experience in  ISO 27001 or SOC 2 frameworks
• Strong hands-on experience in WAF configuration & management
• Strong hands-on experience in  VAPT execution and remediation tracking
• Experience in AWS security controls.
• Good knowledge of network security & firewalls.
• Ability to work independently and build processes from scratch.

Preferred Certifications (Good to Have)

• ISO 27001 Lead Implementer / Auditor
• AWS Security Specialty
• CISM / CISSP / CCSP

Eligibility / Qualifications:

• Education: Bachelor’s degree in IT, Computer Science, Engineering, or equivalent.

Other Details:

• Notice Period: Immediate to 30 days
• Work From Office – 5 Days (Bangalore)
• Individual Contributor Role (No existing security team)