Senior GRC Analyst

Reposted 4 Hours Ago
Be an Early Applicant
Pune, Mahārāshtra, IND
In-Office
Senior level
Information Technology • Security • Cybersecurity
The Role
The GRC Lead is responsible for overseeing the Governance, Risk, and Compliance framework, aligning with regulations and standards, managing risks, and promoting compliance across the organization.
Summary Generated by Built In

Come work at a place where innovation and teamwork come together to support the most exciting missions in the world!

Job Description: GRC Lead

Role Title: Governance, Risk & Compliance (GRC) Lead
Department: Security Operations- Governance, Risk and Compliance (GRC)
Reporting To: Manager – GRC
Location: Pune (Hybrid)

Experience: 8–10 years

Role Type: Full‑time

Role Overview

The GRC Lead is responsible for establishing, leading, and continuously improving the organization’s Governance, Risk, and Compliance framework across technology, information security, and business operations. This role ensures alignment with regulatory requirements, industry standards, and organizational risk appetite while enabling business growth and resilience.

The GRC Lead partners closely with technology, security, legal, compliance, internal audit, procurement, and business stakeholders to proactively identify, assess, mitigate, and monitor risks, including third‑party, cyber, regulatory, and operational risks.

Key Responsibilities

Governance & Policy Management

  • Define and maintain enterprise‑level GRC frameworks, policies, standards, and procedures
  • Establish governance structures for risk ownership, escalation, and decision‑making
  • Ensure alignment between business objectives, risk appetite, and control frameworks
  • Drive security and risk awareness across the organization

Risk Management

  • Lead the enterprise and technology risk assessment lifecycle (identification, assessment, treatment, monitoring)
  • Own risk registers and ensure risks are tracked, reviewed, and mitigated effectively
  • Support risk quantification and scenario analysis where applicable
  • Report risk posture to senior leadership and governance committees
  • Integrate risk management into SDLC, cloud adoption, and digital initiatives

Compliance & Assurance

  • Ensure compliance with applicable laws, regulations, and standards, such as:
    • ISO 27001 / ISO 27701
    • NIST CSF / NIST 800‑53
    • SOC 1 / SOC 2
    • GDPR, DPDP Act, HIPAA, PCI DSS (as applicable)
  • Coordinate internal and external audits; manage audit responses and remediation
  • Maintain compliance evidence and documentation
  • Track regulatory changes and assess business impact

Third‑Party & Vendor Risk Management

  • Design and operate the Third‑Party Risk Management (TPRM) program
  • Conduct vendor risk assessments, including cybersecurity, operational, and data privacy risks
  • Partner with procurement, legal, and business owners on onboarding and renewals
  • Monitor critical vendors and ensure remediation of identified issues

Metrics, Reporting & Continuous Improvement

  • Define and track GRC KPIs and KRIs
  • Develop dashboards and executive‑level risk reports
  • Mature GRC processes through automation and GRC tooling
  • Benchmark program maturity against industry best practices

Leadership & Stakeholder Management

  • Act as a trusted advisor to executive leadership and business teams
  • Lead and mentor GRC analysts and specialists (if applicable)
  • Influence without authority across technical and non‑technical teams

Required Qualifications

Education

  • Bachelor’s degree in Information Technology, Cybersecurity, Risk Management, Law, or related field
  • Master’s degree preferred

Experience

  • 8–12+ years of experience in GRC, technology risk, cybersecurity, or compliance
  • Proven experience leading or managing enterprise‑scale GRC programs
  • Hands‑on experience with audits, risk assessments, and regulatory engagements
  • Experience working with global or regulated environments preferred

Technical & Professional Skills

  • Strong knowledge of:
    • IT risk, cybersecurity risk, and control frameworks
    • Regulatory compliance and audit practices
    • Third‑party risk management
  • Experience with GRC tools (e.g., ServiceNow GRC, RSA Archer, MetricStream, OneTrust)
  • Ability to translate technical risks into business impact
  • Excellent written and verbal communication skills
  • Strong stakeholder management and influencing skills

Certifications (Preferred)

  • CRISC, CISA, CISM
  • ISO 27001 Lead Implementer / Lead Auditor
  • CISSP (desirable)
  • FAIR or risk quantification certifications (optional but valued)

Skills Required

  • Bachelor's degree in Information Technology, Cybersecurity, Risk Management, Law, or related field
  • 8-12+ years of experience in GRC, technology risk, cybersecurity, or compliance
  • Proven experience leading or managing enterprise-scale GRC programs
  • Hands-on experience with audits, risk assessments, and regulatory engagements
  • Strong knowledge of IT risk, cybersecurity risk, and control frameworks
  • Experience with GRC tools e.g., ServiceNow GRC, RSA Archer, MetricStream, OneTrust
  • Excellent written and verbal communication skills

Qualys Compensation & Benefits Highlights

The following summarizes recurring compensation and benefits themes identified from responses generated by popular LLMs to common candidate questions about Qualys and has not been reviewed or approved by Qualys.

  • Affordable Benefits Benefits costs are widely viewed as low for employees and dependents, with healthcare often described as almost fully paid for. Feedback suggests this affordability helps offset perceptions of lower base pay in some roles.
  • Healthcare Strength Healthcare offerings are broad, including multiple medical plan options, dental and vision coverage, mental health support, and disability insurance. Benefits are described as “pretty amazing” or “great,” reinforcing perceived quality and coverage depth.
  • Equity Value & Accessibility Equity participation is accessible through company stock plans and an employee stock purchase plan. Compensation packages commonly include equity alongside salary and bonus, which some consider a meaningful part of total rewards.

Qualys Insights

Am I A Good Fit?
beta
Get Personalized Job Insights.
Our AI-powered fit analysis compares your resume with a job listing so you know if your skills & experience align.

The Company
HQ: Foster City, CA
2,736 Employees
Year Founded: 1999

What We Do

Qualys, Inc. (NASDAQ: QLYS) is a pioneer and leading provider of disruptive cloud-based security, compliance and IT solutions with more than 10,000 subscription customers worldwide, including a majority of the Forbes Global 100 and Fortune 100. Qualys helps organizations streamline and automate their security and compliance solutions onto a single platform for greater agility, better business outcomes, and substantial cost savings. The Qualys Cloud Platform leverages a single agent to continuously deliver critical security intelligence while enabling enterprises to automate the full spectrum of vulnerability detection, compliance, and protection for IT systems, workloads and web applications across on premises, endpoints, servers, public and private clouds, containers, and mobile devices. Founded in 1999 as one of the first SaaS security companies, Qualys has strategic partnerships and seamlessly integrates its vulnerability management capabilities into security offerings from cloud service providers, including Amazon Web Services, the Google Cloud Platform and Microsoft Azure, along with a number of leading managed service providers and global consulting organizations. For more information, please visit http://www.qualys.com

Similar Jobs

CrowdStrike Logo CrowdStrike

Supervisor, Cloud Operations

Cloud • Computer Vision • Information Technology • Sales • Security • Cybersecurity
Hybrid
Pune, Mahārāshtra, IND
10000 Employees

Optum Logo Optum

Senior ERP Analyst

Artificial Intelligence • Big Data • Healthtech • Information Technology • Machine Learning • Software • Analytics
In-Office
Pune, Mahārāshtra, IND
160000 Employees

Tufin Logo Tufin

Devops Engineer

Security • Cybersecurity
Remote or Hybrid
India
500 Employees

Capco Logo Capco

Axiom BA

Fintech • Professional Services • Consulting • Energy • Financial Services • Cybersecurity • Generative AI
Remote or Hybrid
India
6000 Employees

Similar Companies Hiring

Credal.ai Thumbnail
Software • Security • Productivity • Machine Learning • Artificial Intelligence
Brooklyn, NY
Standard Template Labs Thumbnail
Artificial Intelligence • Information Technology • Software
New York, NY
25 Employees
Golden Pet Brands Thumbnail
Digital Media • eCommerce • Information Technology • Marketing Tech • Pet • Retail • Social Media
El Segundo, California
178 Employees

Sign up now Access later

Create Free Account

Please log in or sign up to report this job.

Create Free Account