Profile - Lead GRC Consultant
Location - Lower Parel Mumbai
Experience - 8
Salary - Upto 28 LPA
Role Summary
The Lead GRC Consultant will be responsible for overseeing the delivery of Audit, Risk, Compliance and Privacy consulting services. This role involves managing enterprise-level engagements, ensuring regulatory alignment for clients and providing expert advisory on complex security frameworks. The Lead will also be responsible for team leadership, methodology design and maintaining high-quality delivery standards.
Key Responsibilities
1. Engagement & Portfolio Management
Oversee the end-to-end delivery of GRC consulting projects (Audit, Compliance and Privacy).
Align security and regulatory programs with client business objectives and risk appetite.
Develop long-term risk management and regulatory transformation roadmaps for clients.
2. Regulatory Advisory
Provide expert interpretation of Indian and global regulations including:
RBI Cyber Security Frameworks (Banks & NBFCs)
SEBI Cyber & IT Guidelines
DPDP Act, CERT-In Directions and NIST Framework
ISO 27001:2022
Formulate defensible compliance positions and advisory reports for regulatory submission.
3. Executive Stakeholder Management
Act as the primary point of contact for CXOs, CISOs and Risk Heads.
Translate technical audit findings into operational and financial risk language for board-level reporting.
Assist clients in securing approvals for security investments and compliance initiatives.
4. Quality Governance
Act as the final authority for technical review and quality assurance of all client deliverables.
Manage escalations related to project delivery and regulatory risks.
Ensure all audit reports and attestations meet industry and regulatory benchmarks.
5. Practice Development
Define GRC delivery methodologies, operating models and standardized templates.
Lead recruitment efforts for senior and niche domain roles within the GRC practice.
Mentor team members and define competency frameworks and career paths.
Minimum Requirements:
Experience: 10 years in Information Security GRC with at least 4 years in a leadership/managerial role.
Mandatory Certifications: At least one of CISA, CISM or CISSP.
Technical Expertise: Hands-on experience implementing or auditing RBI, SEBI and ISO 27001 frameworks.
Education: Bachelor's degree in IT, Computer Science or a related field.
Preferred Qualifications:
Prior experience in Big 4 consulting or specialized boutique cyber security firms.
Privacy Certifications: CIPP/E, CIPM or CDPO (specifically for DPDP Act implementation).
Advanced Risk: CRISC certification.
Education: MBA or Master's in Information Security Management.
Required Skills:
GRC Consulting, RBI Cybersecurity Framework, ISO 27001:2022, DPDP Act, CERT-In Directions and NIST Framework, Stakeholder Management