The role will own, lead, and scale large, multi-client GRC programs across diverse industries. This role will own the strategy and execution of a risk-based GRC approach that identifies, measures, monitors and remediates information security and regulatory issues. Act as the primary advisor to client and executive stakeholders on risk posture, control design, audit strategy and compliance remediation -- driving measurable improvement in security posture and regulatory readiness.
Essential Duties and Responsibilities
Key Responsibilities: Strategic Program Leadership
Own end-to-end delivery of large GRC projects/programs serving multiple clients and industry sectors. Define program governance, milestones, resourcing and budgets
Develop and implement a risk-based GRC strategy and methodology that aligns with client business objectives, enterprise risk appetite, and applicable regulatory frameworks (e.g., NIST CSF and ISO 27001)
Consolidate and right-size the portfolio of audits to balance customer value against the scale of organizational audit support
Lead stakeholder management and executive engagement: present risk posture, compliance metrics, program status and strategic recommendations to executive management
Establish and maintain a standardized and dynamic framework (policies, control libraries, risk assessment templates) suitable for cross-industry use
Drive tooling, automation and data-driven reporting to scale assessments, monitoring, evidence collection and dashboards
Conduct regulatory horizon scanning and translate emerging regulatory or industry changes into client requirements and program plans
Key Responsibilities: Assessment, Remediation, and Reporting
Direct and define comprehensive information security risk assessments and control reviews against client frameworks and regulatory requirements
Define audit approach, scope, and audit programs; define audit procedures and identify required specialists
Direct execution of periodic audits and control testing; prepare executive summaries
Direct and define prioritized remediation and action plans, schedules, resource allocation and status reporting to reduce risk and close compliance gaps
Direct the full-cycle remediation process, ensuring high-value root-cause issues are resolved with appropriate risk acceptance and escalation paths
Define high quality control systems, standards, and governance processes; recommend policy and process changes to mitigate risk and champion continuous improvement
Act as trusted advisor during incident response and compliance investigations, providing remediation and remediation monitoring support
Qualifications
Education: Bachelor's degree or equivalent
Experience: 11+ years of IT experience with a minimum of 8 years of experience in Information Security
Security professional with expertise in GRC: IT audits, IT general controls, third party risk management, IT Risk Assessment, ISO 27001 implementation, ISMS audits
SOC2 audit experience
Exemplary interpersonal and stakeholder management skills
Useful but not required certifications: CISSP, ISO 27001 Lead Auditor, CISA, CISM
Work location: Bangalore (Remote)
United States Equal Opportunity Employment:
First Advantage is proud to be a global leader in removing barriers and supporting our community members to ensure the changing demographics of the workforce are reflected in our hiring and employment practices. We value all of our candidates, employees, and clients, and place great emphasis on hiring and supporting qualified individuals in each role. We are an equal opportunity employer. We do not discriminate on the basis of race, color, ethnicity, ancestry, religion, sex, national origin, sexual orientation, age, citizenship status, marital status, disability, gender identity, gender expression, veteran status, genetic information, or any other area protected by applicable law.