Job Responsibilities
Other Skills
- Strong understanding of enterprise risk management and third-party/vendor risk management.
- Solid knowledge of security best practices (e.g. IS policies, endpoint security, secure coding).
- Excellent communication, presentation and stakeholder management skills.
- Analytical mindset with the ability to assess complex risks and design practical mitigation strategies.
- Project management skills to track GRC initiatives, audits and remediation efforts.
Job Description
- Lead and manage the GRC function across the IS department to ensure alignment with regulatory obligations and organizational goals.
- Develop, implement and track the GRC roadmap and strategy to proactively address evolving risks and regulatory requirements.
- Facilitate governance meetings; draft content, document minutes and track follow-up recommendation(s) of IS-related governance committees and Action Taken Report (ATR).
- Design and maintain an enterprise-wide risk management program covering risk identification, assessment, mitigation and validation.
- Oversee and coordinate remediation plans for identified risks and policy exceptions; ensure timely closure and reporting.
- Conduct periodic and ad-hoc risk assessments; maintain risk registers and track Key Risk Indicators (KRIs).
- Coordinate closely with the SOC team, internal management and external consultants to address audit findings and strengthen security posture.
- Work collaboratively with internal teams to review and enhance security controls across trading systems, APIs, applications, databases and network architecture.

The last date for submission of applications for above-mentioned position is Jul 07, 2025. Employee who has worked at least for a period of two years in the existing department, and in case of designation change a minimum of 3 years at the existing designation, can apply for the said IJP...

- Lead compliance activities with SEBI, NCIPC, CERT-IN and other applicable Indian regulatory bodies; ensure alignment with global standards like ISO 27001, SOC 2 and NIST Cybersecurity Framework.
- Tracking & ensuring resolution/response towards regulatory requirements, guidelines and communications etc. within defined timelines.
- Drive vendor and third-party risk assessments; manage vendor attestations and certifications (ISO, SOC 2, etc.).
- Collaborate with internal stakeholders and external auditors during compliance reviews and prepare necessary documentation.
- Develop and maintain policies and procedures reflecting regulatory updates and industry best practices.
- Oversee the implementation and continuous improvement of the Information Security Management System (ISMS) and IT General Controls (ITGC).
- Coordinate and support internal and external audits; track and manage remediation activities.
- Monitor emerging cybersecurity threats, regulatory updates and technology trends; update policies and risk strategies accordingly.
- Promote security awareness and training programs covering topics like password hygiene, device security and secure development, and report on metrics to measure GRC program maturity, effectiveness and risk posture to leadership and regulators.
- Manage and maintain IS Budget details and required documentation.
- Track and maintain payments of IS department vendors, documents like invoices, approval notes, POs, etc., SLA reviews and releasing payments as per PO terms.
Other Details
- Relevant experience in Governance, Risk and Compliance, preferably in financial services, fintech or exchange environments.
- Proven experience implementing and managing frameworks such as ISO 27001, SEBI CSCRF, NIST Cybersecurity Framework, COBIT, etc.
- Strong knowledge of the Indian regulatory landscape relevant to exchanges and financial institutions (SEBI, NCIPC, CERT-IN, etc.).
- Hands-on experience coordinating audits, managing remediation plans and working with internal and external stakeholders.
Required Skills:
GRC, SEBI Regulations, CISM