GRC Analyst

Responsibilities

• Manage cybersecurity risks through regular risk assessments, gap analyses, and control evaluations.
• Ensure compliance with regulatory guidelines including RBI/SEBI, GDPR, DPDP Act, PCI DSS, and SOC 2.
• Support internal and external audits by preparing documentation and tracking remediation plans.
• Coordinate vulnerability assessments and security reviews with infrastructure and cloud teams.
• Perform third-party vendor security assessments to manage supply chain cyber risks.
• Assist in incident management, including root cause analysis and post-incident compliance reviews.
• Maintain security governance frameworks, risk registers, and security metrics/KPIs.
• Develop and maintain information security policies, standards, and employee awareness programs.
• Support data protection initiatives, including data classification, encryption, and privacy impact assessments.

Requirements

• 2–5 years of hands-on experience in GRC, Information Security, or Cybersecurity roles.
• Strong knowledge of frameworks such as ISO 27001, NIST CSF, SOC 2, and PCI DSS.
• Familiarity with security technologies including SIEM, IAM/PAM, DLP, and EDR/XDR.
• Experience working within cloud environments such as AWS, Azure, or GCP.
• Strong analytical, problem-solving, and communication skills for reporting and policy development.

Preferred Qualifications

• Relevant certifications such as ISO 27001 Lead Auditor/Implementer, CEH, or Security+.
• Experience with Business Continuity Planning (BCP) and Disaster Recovery (DR) processes.
• Understanding of vulnerability assessment and penetration testing (VAPT) and log analysis.

About the Company

Digitap.ai is a technology-driven organization focused on building secure and scalable digital solutions. We are looking for dedicated professionals to help strengthen our security posture and ensure excellence in governance and compliance.