Support security and compliance initiatives aligned with industry frameworks including SOC 2, ISO/IEC 27001, ISO 27701, NIST CSF, NIST SP 800-53, CIS Controls, and CSA CCM.
Assist in the execution of security, privacy, and risk assessments across cloud infrastructure, applications, and third-party vendors.
Participate in external and internal audits, including SOC 1/2, ISO certification audits, customer audits, and internal risk reviews.
Coordinate audit readiness activities, including evidence collection, control mapping, walkthroughs, and remediation tracking.
Support compliance with privacy and data protection regulations, such as GDPR, CCPA/CPRA, and other global privacy laws, in partnership with Legal and Product teams.
Contribute to the development, maintenance, and review of security policies, standards, procedures, and risk registers.
Assist in identifying and assessing AI-related risks, such as data privacy, model bias, explainability, security misuse, and third-party AI dependencies.
Support compliance efforts related to emerging AI regulations and standards, including the EU AI Act, the NIST AI Risk Management Framework (AI RMF), ISO/IEC 23894, and ISO/IEC 42001.
Assist with third-party risk management (TPRM), including vendor assessments, due diligence reviews, and risk reporting.
Assist with documentation and evidence collection for AI governance controls during internal, customer, and regulatory audits.
Collaborate with Engineering and Product teams to ensure secure and responsible use of generative AI tools across the organization.
Manage and continuously improve the internal security awareness and phishing simulation program.
Requirements
3–5 years of experience in GRC, information security, risk management, and IT audit, preferably in a SaaS or cloud-native environment.
Strong understanding of IT security principles and technologies, as well as experience with cloud computing environments.
Working knowledge of emerging AI standards and frameworks such as NIST AI RMF, ISO/IEC 42001, and OECD AI Principles.
Familiarity with international and domestic compliance regulations, AI governance and risk management concepts, cybersecurity frameworks, and industry best practices.
Experience supporting security, privacy, and compliance audits, including evidence collection and auditor interaction.
Ability to interpret technical controls and translate them into compliance and risk documentation.
Strong documentation, analytical, and communication skills.
Professional certifications such as CRISC, CCSK, or similar are highly desirable.
Ability to communicate technical risk and compliance requirements clearly to engineering and non-technical stakeholders.
Tech Stack
Cloud
Cyber Security
Benefits
Collaborative, security-focused team
Exposure to a broad range of security, privacy, cloud, and audit domains
Strong foundation for career growth into senior GRC or security leadership roles