About the Role
We are seeking an experienced Governance, Risk & Compliance (GRC) Lead to spearhead the design, implementation, and maintenance of our ISO 27001 Information Security Management System (ISMS). This is a hands-on leadership role responsible for establishing a robust security governance framework, achieving ISO 27001 certification, and embedding a culture of continuous security improvement across the organisation.
Key Responsibilities
● ISMS Implementation & Certification: Lead end-to-end ISO 27001 implementation from gap analysis through to successful Stage 1 and Stage 2 certification audits; manage external auditor relationships.
● Risk Management: Develop and operationalize the information security risk management framework; conduct risk assessments, treatment planning, and risk acceptance processes.
● Policy & Governance: Author, approve, and maintain the Statement of Applicability (SoA), information security policies, standards, and procedures aligned with ISO 27001 Annex A controls.
● Control Implementation: Translate ISO 27001 Annex A controls into operational security measures; coordinate with IT, Accounts, HR, Backoffice, and business units to implement and validate controls.
● Compliance Monitoring: Establish continuous monitoring, internal audit programs, and KPIs/KRIs to measure ISMS effectiveness; manage non-conformities and corrective actions.
● Third-Party Risk: Oversee vendor security assessments and ensure supply chain security controls meet organizational and ISO 27001 standards.
● Stakeholder Management: Report ISMS performance, risks, and compliance status to senior leadership and the board; act as primary liaison for external auditors and regulators.
Required Qualifications
● 5+ years of experience in information security governance, risk, and compliance
● Proven track record of leading at least one full ISO 27001:2022 certification cycle (gap analysis → certification)
● Deep expertise in ISO 27001:2022 standard, Annex A controls, and ISMS documentation requirements
● Strong understanding of risk assessment methodologies (e.g., ISO 27005, NIST RMF, OCTAVE, FAIR)
● Familiarity with internal audit practices and managing external certification bodies
● Excellent stakeholder management and ability to influence across technical and non-technical teams
● Strong documentation and communication skills — able to translate complex standards into actionable guidance
Preferred Qualifications
● Experience implementing ISMS in fintech, healthcare, or regulated industries
● Experience with SOC 2, GDPR, NIST CSF, PCI-DSS, or other compliance frameworks
● Background in cloud security (AWS, Azure, GCP) and DevSecOps environments
● Knowledge of automation for compliance evidence collection and control testing
● Certifications: CISM, CRISC, CISA, ISO 27001 Lead Auditor, or ISO 27001 Lead Implementer
Pay: ₹600,000.00 - ₹2,000,000.00 per year
Work Location: In person