Information Security Administrator

Alshaya - Egypt - Cairo

Role Profile:

The Governance, Risk & Compliance Admin will be responsible for implementing, interpreting, and ensuring compliance with information security policies. The role involves assessing and prioritizing cybersecurity risks, supporting regulatory compliance, reporting security metrics, maintaining governance standards, conducting risk assessments for internal systems and third-party vendors, enforcing security policies, and advising leadership on risk strategies such as mitigation, reduction, transfer, exception handling, and residual risk analysis.

The key performance areas below include, but are not limited to:

  • Implement a data security & privacy risk reporting framework aligned with ISO standards.
  • Design and document controls to ensure compliance with regulatory and internal requirements.
  • Facilitate remediation of control gaps and escalate critical issues to leadership.
  • Manage exception review processes and ensure periodic documentation and review.
  • Prepare for and support regulatory examinations such as PCI DSS.
  • Collaborate with auditors and control owners to ensure timely completion of requests.
  • Monitor and analyze information security metrics to evaluate program effectiveness.
  • Conduct risk assessments to identify vulnerabilities in systems and third-party products.
  • Recommend and implement controls to mitigate identified security risks.
  • Communicate risk findings and actionable recommendations to stakeholders.
  • Support workforce security initiatives including awareness and training programs.
  • Facilitate eDiscovery and data collection for investigations of policy violations.
  • Analyze security incidents and coordinate remediation and awareness efforts.
  • Contribute to the development and lifecycle management of security policies and procedures.
  • Collaborate across the organization to implement and enforce security policies.

Knowledge:

  • Understanding of ISO standards and frameworks for information security risk reporting.
  • Knowledge of designing and implementing technical, administrative, and physical security controls.
  • Familiarity with regulatory compliance requirements (e.g., GDPR, PCI DSS) and audit processes.
  • Experience in managing exception handling processes and compliance documentation.
  • Ability to evaluate and improve the effectiveness of information security programs using metrics.
  • Proficiency in conducting and documenting information security risk assessments.
  • Knowledge of risk mitigation strategies and control implementation.
  • Strong communication skills to convey risk findings and recommendations to stakeholders.
  • Awareness of workforce security practices, including training and awareness programs.
  • Experience with eDiscovery processes and handling policy violation investigations.
  • Analytical skills for incident analysis and coordination of remediation efforts.
  • Understanding of policy development, lifecycle management, and enforcement.
  • Ability to collaborate across departments to implement security policies effectively.

Experience:

  • 2 years' experience in the Information Security domain.
  • Graduation Degree/BTech, Computer Science.
  • Security+, Networking certifications are an added advantage.

Skills:

  • Strong knowledge of information security governance, risk assessment, and compliance frameworks (e.g., GDPR, PCI DSS).
  • Ability to develop, implement, and manage security policies, controls, and awareness programs.
  • Proficiency in conducting risk assessments and analysing security metrics to support decision-making.
  • Excellent communication and collaboration skills for working with leadership, auditors, and cross-functional teams.

Post date: 16 August 2025
Publisher: Wuzzuf.com