Job Title: GRC / Security Analyst
Location: Bangalore, India
Experience: 2 to 5 Years
We are seeking a motivated and skilled GRC professional to join our team. As a GRC Analyst / Security Analyst, you will be responsible for managing cybersecurity risks, conducting compliance assessments, strengthening security governance practices, and implementing security policies based on industry best practices, including ISO 27001, NIST, RBI/SEBI guidelines, and cloud security frameworks. This role offers an excellent opportunity to build and enhance your skills in cybersecurity governance, risk management, compliance, security operations, and third-party risk management.
Key Responsibilities
Compliance & Regulatory Oversight:
Ensure compliance with applicable laws and regulations, including RBI/SEBI cybersecurity guidelines, GDPR, DPDP Act, PCI DSS, SOC 2 and other local and international security frameworks.
Risk Management:
Conduct risk assessments, risk analysis, gap assessments, and control evaluations to identify, evaluate, and mitigate cybersecurity and operational risks across business functions.
Security Governance:
Assist in establishing and maintaining governance frameworks, security controls, risk registers, exception management processes, and security metrics/KPIs.
Audit & Assessment Support:
Support internal and external audits by preparing documentation, coordinating audit activities, tracking remediation plans, and ensuring compliance with cybersecurity policies and standards.
Vulnerability & Security Assessment:
Coordinate vulnerability assessments, configuration reviews, VA/PT activities, and security assessments with infrastructure, cloud, and application teams to ensure timely remediation of findings.
Third-Party/Vendor Risk Management:
Perform vendor security assessments, review third-party security controls, and track remediation activities to manage supply chain and vendor-related cyber risks.
Incident Management & Response:
Assist in cybersecurity incident reporting, root cause analysis, incident tracking, and post-incident compliance reviews to ensure corrective and preventive actions are implemented.
Identity & Access Governance:
Review user access controls, privileged access management, segregation of duties (SoD), and periodic access reviews to strengthen identity security controls.
Policy Development & Security Awareness:
Develop and maintain information security policies, procedures, standards, and guidelines. Conduct security awareness sessions and training programs to promote cybersecurity best practices across the organization.
Data Protection & Privacy:
Support implementation of data protection and privacy controls, including data classification, retention, encryption, backup security, and privacy impact assessments.
Business Continuity & Disaster Recovery:
Support BCP and DR activities, including testing, documentation reviews, and ensuring alignment with organizational resilience requirements.
Reporting & Documentation:
Maintain comprehensive documentation related to audits, risk assessments, incidents, vendor reviews, compliance activities, and management reporting for leadership and regulatory stakeholders.
Security Tools & Technologies:
Work with GRC platforms, SIEM tools, vulnerability management solutions, endpoint security tools, DLP solutions, and ticketing systems to support governance and security operations initiatives.
Qualification
2–5 years of hands-on experience in Governance, Risk & Compliance (GRC), Information Security, or Cybersecurity roles.
Strong understanding of information security principles, cybersecurity frameworks, risk management methodologies, compliance processes, and security audits.
Hands-on experience implementing or supporting standards/frameworks such as ISO 27001/27002, ISO 27701, SOC 2, PCI DSS, NIST CSF, CIS Controls, GDPR, DPDP, or related frameworks.
Familiarity with security technologies such as SIEM, IAM/PAM, DLP, EDR/XDR, vulnerability management tools, and cloud security solutions.
Good understanding of network security, endpoint security, access controls, encryption, secure configurations, and incident response processes.
Experience with cloud environments (AWS/Azure/GCP) and cloud security best practices.
Exposure to vendor risk assessments, business continuity planning (BCP), and disaster recovery (DR) processes is preferred.
Basic understanding of vulnerability assessment and penetration testing (VAPT), log analysis, and security monitoring concepts is an added advantage.
Strong analytical and problem-solving skills with attention to detail in identifying security gaps and compliance issues.
Excellent written and verbal communication skills with the ability to prepare reports, policies, and executive-level presentations.
Relevant certifications such as ISO 27001 LA/LI, CEH, Security+ are preferred.

DIGITAP provides high-tech, advanced AI/ML solutions to new-age, internet-driven businesses for reliable, fast and 100% compliant Customer Onboarding, Automated Risk Management along with Big Data enabled services like Risk Analytics and Customized Scorecards. Our proprietary Machine Learning Algorithms and Modules provide one of the best success rates in the market.
Our services include:
1. LOS and Customer Onboarding Suite
2. Employment & Income Verification
3. Account Aggregator Solutions
4. Alternate Data Based Risk Management Suite
5. Expense Manager
6. Digi - KYC
7. Digilocker
8. Digi Sign & Digi - Nach
All the solutions are accessible in the form of easy-to-integrate APIs.
Visit us to know more!