Natobotics - Vice President - Information Security GRC Specialist

Job Title: VP Information Security (Governance, Risk & Compliance)

Location: Mumbai

Employment Type: Full-time

About the Role:

We are seeking an accomplished Information Security leader to join our Global CISO team, with a primary focus on Governance, Risk, and Compliance (GRC). This role will play a critical part in enhancing and embedding our unified risk and control framework (CRI) aligned with NIST 2.0 and global regulations. The VP GRC will serve as a trusted advisor to global and regional security leaders, driving a business-aligned risk and control strategy across regions.

Key Responsibilities:

- Serve as the primary liaison for regional regulatory requirements, external/internal audits, and risk register management.

- Conduct cyber risk assessments, control gap analyses, and define effective remediation strategies.

- Contribute to the global GRC strategy, including frameworks, policies, standards, and assist with implementation across multiple regions.

- Oversee compliance with ISO 27001, NIST, CRI, and regulatory mandates, ensuring frameworks remain effective and up to date.

- Perform business-aligned risk assessments for applications, systems, vendors, and cloud environments.

- Partner with cross-functional teams, including Global Security, IT, Risk, and Business Units, to embed security controls.

- Provide actionable insights and risk exposure reports to governance committees and senior management, supporting informed decision-making.

- Act as a thought leader for risk management best practices and influence organizational security posture at a strategic level.

Requirements:

- 10+ years of experience in Information Security Governance, Risk & Compliance, ideally within the financial services sector.

- Minimum 5 years in a senior leadership role driving enterprise-level security governance.

- Bachelors degree in Computer Science, Information Security, IT (Masters degree or MBA preferred).

- Professional certifications such as CISSP, CISM, CISA, CRISC, or equivalent are mandatory.

- Proven expertise in ISO 27001, NIST CSF/2.0, Unified Control Frameworks (CRI), and regulatory compliance.

- Experience in risk assessment methodologies, vendor risk management, and cloud risk governance.

- Strong strategic mindset with ability to balance business objectives with risk management priorities.

- Exceptional communication skills, with the ability to translate complex security issues into clear, business-relevant language for non-technical stakeholders.

- Demonstrated leadership, stakeholder management, and decision-making abilities in a global matrixed environment.