
Job Responsibilities
Other Skills
- Strong understanding of enterprise risk management and third-party/vendor risk management.
- Solid knowledge of security best practices (e.g., IS policies, endpoint security, secure coding).
- Excellent communication, presentation, and stakeholder management skills.
- Analytical mindset with the ability to assess complex risks and design practical mitigation strategies.
- Project management skills to track GRC initiatives, audits, and remediation efforts.
Job Description
- Lead and manage the GRC function across the IS department to ensure alignment with regulatory obligations and organizational goals.
- Develop, implement, and track the GRC roadmap and strategy to proactively address evolving risks and regulatory requirements.
- Facilitate meetings of IS-related governance committees: draft content, document minutes, and track follow-up recommendations and the Action Taken Report (ATR).
- Design and maintain an enterprise-wide risk management program covering risk identification, assessment, mitigation, and validation.
- Oversee and coordinate remediation plans for identified risks and policy exceptions; ensure timely closure and reporting.
- Conduct periodic and ad-hoc risk assessments; maintain risk registers and track Key Risk Indicators (KRIs).
- Coordinate closely with the SOC team, internal management, and external consultants to address audit findings and strengthen security posture.
- Work collaboratively with internal teams to review and enhance security controls across trading systems, APIs, applications, databases, and network architecture.
- Lead compliance activities with SEBI, NCIPC, CERT-IN, and other applicable Indian regulatory bodies; ensure alignment with global standards like ISO 27001, SOC 2, and NIST Cybersecurity Framework.
- Track and ensure resolution of, and response to, regulatory requirements, guidelines, and communications within defined timelines.
- Drive vendor and third-party risk assessments; manage vendor attestations and certifications (ISO, SOC 2, etc.).
- Collaborate with internal stakeholders and external auditors during compliance reviews and prepare necessary documentation.
- Develop and maintain policies and procedures reflecting regulatory updates and industry best practices.
- Oversee the implementation and continuous improvement of the Information Security Management System (ISMS) and IT General Controls (ITGC).
- Coordinate and support internal and external audits; track and manage remediation activities.
- Monitor emerging cybersecurity threats, regulatory updates, and technology trends; update policies and risk strategies accordingly.
- Promote security awareness and training programs covering topics like password hygiene, device security, and secure development practices.
- Define and report on metrics to measure GRC program maturity, effectiveness, and risk posture to leadership and regulators.
- Manage and maintain IS budget details and required documentation.
- Track and maintain payments to IS department vendors and the related documents (invoices, approval notes, POs, etc.); conduct SLA reviews and release payments as per PO terms.
Other Details
- Relevant experience in Governance, Risk, and Compliance, preferably in financial services, fintech, or exchange environments.
- Proven experience implementing and managing frameworks such as ISO 27001, SEBI CSCRF, NIST Cybersecurity Framework, COBIT etc.
- Strong knowledge of the Indian regulatory landscape relevant to exchanges and financial institutions (SEBI, NCIPC, CERT-IN, etc.).
- Hands-on experience coordinating audits, managing remediation plans, and working with internal and external stakeholders.