Work closely with the Infrastructure team to achieve and maintain compliance with applicable security standards and regulatory frameworks.
Provide strategic recommendations to improve IT compliance-related processes, controls, and procedures.
Partner with management, business stakeholders, and application teams to design and implement compliant and scalable solutions.
Develop, review, and maintain IT policies and procedures, and recommend enhancements to existing documentation.
Collaborate with system administrators and infrastructure teams to ensure that security and compliance controls are appropriately designed, implemented, and operating effectively.
Conduct audit readiness assessments and coordinate with internal teams, internal audit, and external auditors.
Define, collect, and analyze security and compliance metrics (KPIs/KRIs) to assess risk posture and identify trends.
Work with the Information Security team and cross-functional business teams to address security challenges.
Respond to security and compliance questionnaires, audits, and information requests from customers, partners, and regulators.
Requirements
8-12 years of experience in Governance, Risk & Compliance (GRC).
Hands-on experience with compliance frameworks such as ISO 27001, NIST, and GDPR is a plus.
Strong ability to interpret audit findings, security requirements, and regulatory expectations.
Good understanding of policies, procedures, and control implementation.
Excellent verbal and written communication skills with the ability to engage technical and non-technical stakeholders.
Proven experience working with senior leadership, internal audit, external auditors, consultants, and legal teams.
Demonstrated experience contributing to or leading large-scale, cross-functional projects.