What success looks like in this role:
The Senior Director – GRC is a strategic leadership role responsible for:
- Creating the vision for the GRC program
- Understanding the business and how the GRC function can be a business enabler
- Supporting the CISO
This role ensures alignment with regulatory requirements, industry standards, and business objectives while providing executive oversight across risk, audit, compliance, and assurance functions.
The position partners closely with internal teams (CISO, BISOs, Corporate IT and cross-functional teams such as Privacy, Legal, HR, Procurement and Corporate Real Estate) and external teams (vendors and customers) to drive a risk-aware culture, strengthen control frameworks, and enable secure business growth.
Key Responsibilities
1. GRC Strategy & Governance
- Define and execute the enterprise GRC strategy aligned to cybersecurity and business objectives
- Establish governance frameworks, policies, standards, and operating models across GIS
- Provide executive reporting to CISO, senior leadership, and Board-level committees on risk posture and compliance status
- Drive continuous improvement of GRC maturity leveraging frameworks such as NIST CSF and ISO 27001
2. Risk Management (Cyber & IT Risk)
- Own the Cybersecurity area within the Enterprise Risk Management (ERM) program including risk identification, assessment, mitigation, and reporting
- Maintain and govern the centralized risk register in the GRC tool and ensure timely updates across BUs through the BISOs and other corporate functions
- Define risk appetite, tolerance, and escalation mechanisms
- Facilitate risk-based decision-making processes, including policy exception and risk acceptance processes and criteria
3. Compliance & Regulatory Management
- Ensure compliance with global and regional regulatory requirements (e.g., SOX ITGC, NIS2, DORA, GDPR, CRA as applicable)
- Govern adherence to industry standards and certifications:
- ISO 27001, ISO 22301, ISO 20000 and ISO 9000
- Corporate SOC 1 Type II, Client Specific SOC 2 Type II
- NIST, PCI-DSS, Cyber Essentials Plus and other regional certifications
- Oversee internal controls design, testing, and remediation tracking
- Act as the primary escalation point for compliance risks and audit findings
4. Audit & Assurance
- Provide executive oversight for:
- Internal audits (IA), external audits, and regulatory reviews
- Audit planning, execution coordination, and closure of findings
- Govern audit partner relationships and ensure audit readiness across the organization
- Ensure effective remediation and closure of audit findings within defined timelines
5. Third-Party Risk Management (TPRM)
- Lead the enterprise TPRM program including:
- Risk assessments of suppliers and partners
- Security clauses in supplier contracts
- Partner with Procurement, Legal, and Privacy functions
- Ensure continuous monitoring of third-party risk posture through Security Rating tools
6. Policy, Standards & Control Framework
- Establish and maintain corporate information security policies, standards, and procedures
- Ensure alignment with control frameworks (ISO, NIST)
- Govern policy lifecycle management, including annual reviews, approvals, updates, and awareness
- Standardize documentation and ensure consistency across GIS artifacts
7. Security Awareness & Culture
- Provide executive sponsorship to Security Awareness & Training programs
- Ensure alignment of training with risk landscape and organizational priorities
- Monitor effectiveness through metrics, reporting, and behavioral risk reduction
8. Business Continuity and Disaster Recovery
- Define, implement and test Business Continuity and Disaster Recovery plans across the defined scope of the enterprise
- Work closely with the Enterprise Resilience team to align Business Continuity Plans with Corporate Crisis Management plans
9. Business & Client Engagement
- Support client security assurance activities:
- RFP/RFI responses
- Security questionnaires
- Contract and security exhibit reviews
- Act as executive point of contact for key customers on security governance matters
10. Metrics, Reporting & Governance
- Define KPIs/KRIs for all domains of GIS and report them through monthly automated dashboards
- Lead governance forums such as: Risk Review Boards and Policy Exception Review Boards
- Drive data-driven decision making and transparency across stakeholders
- Prepare slides for the Board and the CISO
11. Team Leadership
- Lead a global GRC organization including Risk, Compliance, Audit, TPRM, Policy, BCM/DR functions
- Provide leadership oversight to the GIS India associates as the ‘GIS India leader’ and build high-performing teams and ensure capability maturity
You will be successful in this role if you have:
Experience & Qualifications
- 18–25+ years in IT / Information Security with:
- 12+ years in cybersecurity
- 8+ years in GRC leadership roles
- Strong experience across:
- Risk management, audit, compliance, and policy frameworks
- Enterprise-scale GRC program leadership
- Prior experience interacting with:
- Executive leadership (CISO, CIO, COO, Risk Committee)
- Regulators and external auditors
Preferred Certifications
- CISA / CISM / CRISC / CISSP
- ISO 27001 Lead Implementer / Lead Auditor
Successful Candidate Will Have:
- Mature, scalable GRC operating model across geographies
- Strong audit outcomes with minimal findings and timely remediation
- Clearly articulated and quantified enterprise risk posture
- High stakeholder confidence (Risk Committee, Clients, Regulators)
- Measurable reduction in security and compliance risk
Reporting Structure
- Reports to: Chief Information Security Officer (CISO)
- Direct reports: Heads of Risk, Compliance, TPRM, Audit, Policy & BCM, Program Manager for Security Awareness
Unisys is proud to be an equal opportunity employer that considers all qualified applicants without regard to age, blood type, caste, citizenship, color, disability, family medical history, family status, ethnicity, gender, gender expression, gender identity, genetic information, marital status, national origin, parental status, pregnancy, race, religion, sex, sexual orientation, transgender status, veteran status or any other category protected by law.
Local employment practices and rights may vary by jurisdiction and are subject to applicable local laws. This commitment includes our efforts to provide for all those who seek to express interest in employment the opportunity to participate without barriers.
If you are a US job seeker unable to review the job opportunities herein, or cannot otherwise complete your expression of interest, without additional assistance and would like to discuss a request for reasonable accommodation, please contact our Global Recruiting organization at [email protected]. US job seekers can find more information about Unisys’ EEO commitment here.