
We are scouting for a senior professional for an IT GRC (Information Security, Cyber Security) role with one of our leading clients in the Financial Services industry, based in Mumbai.
5 days work from office (No hybrid)
Overview:
- Cyber Security Governance, Risk & Compliance (GRC) is responsible for establishing, maintaining, and continuously enhancing the enterprise-wide cyber risk management and governance program. The role ensures that cyber risks are identified, assessed, treated, and monitored in alignment with regulatory expectations, global security frameworks, and the organization's risk appetite.
As a senior professional, the incumbent provides oversight and challenge to first-line functions, acts as a strategic custodian of the organization's cyber risk posture, and drives maturity across governance, risk, compliance, and resilience domains.
Job Description:
1. Governance & Policy
- Govern the lifecycle of security exceptions, deviations, compensating controls, and risk sign-offs.
- Oversee and maintain the Policy Exception Management framework and structured repository.
- Ensure policies, standards, and procedures are aligned with regulatory updates and industry best practices.
2. Cyber Risk Management
- Own the enterprise cyber risk taxonomy, KRIs, risk heatmaps, and dashboards aligned with regulatory bodies (e.g., RBI, IRDAI, CERT-In).
- Lead periodic control reviews for high-risk and emerging-risk domains.
- Perform thematic risk reviews, scenario analyses, and maturity assessments against global frameworks (e.g., NIST CSF, ISO 27001, CIS).
3. Compliance & Audit
- Govern and facilitate threat landscape reviews, ensuring controls evolve to mitigate modern attack vectors.
- Manage regulatory reporting and ensure continuous adherence to legal, regulatory, and contractual cyber obligations.
4. Incident Response & Business Continuity
- Collaborate with SOC, IR, and Cyber Resilience teams to maintain and enhance incident response and recovery capabilities.
- Provide second-line oversight for business continuity (BCP) and disaster recovery (DR) planning, testing, and assurance.
- Review cyber incident trends, root-cause analyses, and lessons learned.
5. Stakeholder Engagement & Reporting
- Partner with Technology, Legal, Enterprise Risk, Compliance, and Business Units to embed cybersecurity controls and risk practices into business processes.
We encourage candidates with at least 7-8 years of relevant GRC experience to apply.