Senior Analyst [GRC & Privacy] – Mumbai – 3 to 4 Years Experience

Job Description

TechDefence is seeking a Senior Analyst – GRC & Privacy to independently drive enterprise-wide Governance, Risk, Compliance (GRC), and Data Privacy programs aligned with global standards and regulatory requirements.

This role involves client-facing consultancy, end-to-end framework implementation, cybersecurity risk assessments, internal audits, and compliance reporting. The ideal candidate will be capable of translating technical risks into business-aligned insights for executive stakeholders while ensuring regulatory adherence and operational resilience.

Responsibilities:

  • Lead implementation and assessments for ISO 27001, SOC 2, NIST, DPDP Act, PDPL, and GDPR.
  • Conduct cybersecurity risk assessments, Business Impact Analysis (BIA), and Privacy Impact Assessments (PIA).
  • Perform third-party and vendor risk assessments, including cloud service providers.
  • Develop information security policies, SOPs, governance frameworks, and compliance documentation.
  • Execute internal audits and present findings to senior stakeholders.
  • Collaborate with IT, engineering, HR, legal, and business teams to implement security controls.
  • Translate technical and compliance risks into clear, executive-level reports and dashboards.

Job Requirements

• 3–4 years of hands-on experience in GRC and data privacy programs.
• Strong knowledge of ISO 27001/27002, SOC 2, NIST, GDPR, and DPDPA.
• Experience in vendor risk management and audit processes.
• Understanding of security operations, Vulnerability Assessment & Penetration Testing (VA/PT), incident management, and patch management.
• Familiarity with GRC tools such as ServiceNow, Archer, OneTrust, or MetricStream.
• Strong analytical, documentation, and stakeholder communication skills.

Preferred Qualifications

• Degree in Information Security, IT, Computer Science, or a related field.
• Professional certifications such as CISM, CISA, or ISO 27001 Lead Auditor/Lead Implementer.
• Basic understanding of cloud security frameworks and controls.

To Apply: Interested candidates may apply directly or share their updated resume.

About the Company

TechDefence is a cybersecurity and information security consulting organization specializing in Governance, Risk, Compliance, and Privacy services. The company supports enterprises in implementing global standards, managing regulatory obligations, and strengthening security posture through structured and scalable frameworks.