GRC Analyst
On-site · Bengaluru, Karnataka, India
Job Summary
GRC Analyst responsible for managing cybersecurity risk, regulatory/compliance oversight, governance, risk assessments, and third-party risk management. Core duties include coordinating vulnerability assessments, preparing documentation for audits, implementing and maintaining information security policies and controls (ISO 27001/27002, NIST, GDPR/DPDP, PCI DSS, SOC 2), and supporting risk mitigation across business functions. The role encompasses security governance, risk registers, exception management, and security metrics/KPIs, as well as incident management, identity and access governance, data protection, disaster recovery planning, and ongoing security awareness. Requires hands-on experience in GRC or information security, familiarity with cloud security (AWS/Azure/GCP), vendor risk assessments, and the ability to produce reports and executive-level presentations. Certifications such as ISO 27001 LA/LI, CEH, or Security+ are preferred.
Required Qualifications
- 2-5 years hands-on experience in Governance, Risk & Compliance or Information Security/Cybersecurity roles
- Experience implementing or supporting ISO 27001/27002, ISO 27701, SOC 2, PCI DSS, NIST CSF, CIS Controls, GDPR, DPDP, or related frameworks
- Familiarity with SIEM, IAM/PAM, DLP, EDR/XDR, vulnerability management tools, and cloud security solutions
- Knowledge of network security, endpoint security, access controls, encryption, secure configurations, and incident response
- Experience with cloud environments (AWS/Azure/GCP) and cloud security best practices
- Exposure to vendor risk assessments, BCP, and DR processes (preferred)
- Strong analytical and problem-solving skills with attention to detail
- Excellent written and verbal communication skills with ability to prepare reports, policies, and executive-level presentations
- Relevant certifications such as ISO 27001 LA/LI, CEH, Security+ (preferred)
- 2-5 years of hands-on GRC/Information Security or Cybersecurity experience
- Understanding of governance, risk management and compliance concepts
- Ability to coordinate audits and remediation activities
- Experience with data protection and privacy controls
- Basic understanding of vulnerability assessment and security monitoring concepts