Compliance Manager, IT​/Tech

GRC Analyst — Governance, Risk & Compliance

Reports to:

Portfolio CISO / VP Security |

Experience:

4–5 years in GRC, audit, or compliance roles |

Location:

Pune| Type:
Full-time

ABOUT THE ROLE:

The GRC Analyst will build and maintain the security governance framework across the portfolio companies. You will develop policies, maintain risk registers, manage vendor assessments, and drive compliance alignment across 17 portfolio companies with diverse regulatory obligations.

KEY RESPONSIBILITIES
Develop, maintain, and communicate Information Security Policy suite across portfolio
Build and manage technology risk registers for each portfolio company
Conduct annual vendor risk assessments and enforce security clauses
Lead data classification program rollout across all portfolio entities
Coordinate ISO 27001 and SOC 2 compliance efforts where applicable
Track policy exception requests, risk acceptances, and control deficiencies
Facilitate governance forums and prepare board/exec-level risk reporting
Manage security awareness training programs and phishing simulation schedules
Perform internal control assessments and maturity re-evaluations annually

REQUIREMENTS & SKILLS
Bachelor's in Information Systems, Law, or Risk Management
5+ years in GRC, audit, or Info Sec compliance roles
Strong knowledge of ISO 27001, NIST CSF, SOC 2, GDPR frameworks

Experience with GRC tools (Service Now, Archer, Vanta, Drata, One Trust)
Excellent documentation and policy writing skills
Ability to translate technical risks into business language for executives
Certifications preferred: CISM, CISA, CRISC, ISO 27001 Lead Implementer
Experience in multi-entity or portfolio-level governance environments
Strong stakeholder management and cross-functional communication skills

TOOLS & TECHNOLOGIES
Service Now GRC
Archer
Reporting Drata
Power BI
Vanta
Microsoft Purview
ISO 27001
SOC 2
NIST CSF
One Trust
Jira