Lead Information Security - GRC

This role is for one of the Weekday's clients

Salary range: Rs 2500000 - Rs 6000000 (ie INR 25-60 LPA)

Min Experience: 5 years

Location: Bangalore

JobType: full-time

The Lead Information Security – GRC will play a critical role in strengthening the organization’s information security, risk, and compliance posture. This position is responsible for leading governance frameworks, driving risk assessments, managing compliance initiatives, and enhancing the maturity of the IS & IT GRC program. The role involves close collaboration with internal stakeholders, regulators, and auditors to ensure ongoing compliance with industry standards and regulatory requirements.

Key Responsibilities

Governance, Risk & Compliance Leadership

• Establish, maintain, and continuously improve the IS & IT GRC framework aligned with organizational objectives
• Drive periodic reviews, compliance initiatives, and remediation of identified gaps
• Ensure governance frameworks support audit, legal, regulatory, and risk obligations

Risk Management

• Conduct risk assessments for new and existing systems, services, and technologies
• Identify, analyze, and mitigate information security risks to minimize business impact
• Maintain and regularly update the enterprise risk register

Compliance Management

• Assess and ensure compliance with ISO/IEC 27001 and internal information security frameworks
• Track compliance activities through an up-to-date compliance calendar
• Ensure adherence to internal policies, contractual obligations, and regulatory requirements, including RBI guidelines
• Maintain comprehensive documentation to support compliance readiness

Audit & Reporting

• Plan and manage internal and external audits, ensuring complete and accurate documentation
• Track audit observations and drive timely closure with relevant teams
• Prepare clear and detailed audit reports for senior management and stakeholders

Process Improvement

• Continuously enhance information security policies, processes, and procedures in line with industry best practices
• Drive maturity improvements across governance, risk, and compliance functions

Awareness & Training

• Partner with Learning & Development teams to deliver information security awareness and compliance training
• Promote a strong culture of security and compliance across the organization

Stakeholder Collaboration

• Work closely with internal teams, leadership, auditors, and external stakeholders on security and compliance initiatives
• Support security-related projects and ensure alignment across business and technology teams

Qualifications & Experience

• 5–7+ years of experience in information security governance, risk, and compliance within complex organizations
• Hands-on experience building and managing internal IT risk and compliance programs
• Strong expertise in ISO/IEC 27001 implementation, maintenance, and internal audits
• Working knowledge of PCI DSS and SOC 2 standards
• Experience in regulated environments governed by RBI, NPCI, SEBI, or IRDAI is highly desirable
• Strong understanding of information security operations, controls, and technologies
• Excellent documentation, reporting, and stakeholder management skills
• Certifications such as CISM, CISA, or ISO 27001 Lead Implementer are preferred
• Prior experience in financial services or regulated fintech environments is a strong advantage

Key Skills

• Information Security GRC
• ISO 27001
• Risk Management
• Compliance & Regulatory Frameworks
• Internal Audits
• RBI Guidelines
• Governance & Controls