Talent.com
Grc Analyst - Information Security

PINKVILLA, Kollam, Republic Of India, IN
2 hours ago
Job description

Pinkvilla is seeking a dynamic Information Security professional, who will play a key role in driving compliance programs, managing audits, supporting data protection initiatives, and ensuring third-party security risks are effectively identified and mitigated.

Key Responsibilities

Governance, Risk & Compliance (GRC)

  • Develop, implement, and maintain information security policies, standards, and procedures.
  • Conduct risk assessments and drive risk treatment / mitigation plans.
  • Support security audits and ensure timely closure of findings.
  • Monitor compliance with frameworks / standards such as ISO 27001, NIST, and CIS.
  • Collaborate with security engineering and SOC teams on remediation of vulnerabilities, incident response, and security enhancements.
  • Contribute to cross-functional security initiatives requiring governance, technical, and operational alignment.
  • Provide security training and awareness to drive a security-aware culture.

Data Protection

  • Identify and mitigate risks associated with the processing of personal and sensitive data.
  • Oversee data classification, retention, and secure disposal practices.
  • Lead initiatives around Data Loss Prevention (DLP) — including policy fine-tuning, incident monitoring, and working with stakeholders on data handling improvements.

Third-Party Risk Management (TPRM)

  • Conduct security assessments and due diligence for vendors, partners, and service providers.
  • Review and evaluate vendor security controls, certifications, and compliance posture.
  • Manage the third-party risk lifecycle, including onboarding, periodic reviews, and issue remediation.
  • Work with procurement, legal, and business teams to integrate security requirements into contracts and agreements.

Qualifications

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • 4–6 years of experience in Information Security roles with a focus on GRC, Data Protection, and TPRM.
  • Strong understanding of security standards (ISO 27001, NIST, etc.).
  • Experience conducting risk assessments, vendor due diligence, and compliance reviews.
  • Good knowledge of data protection principles, privacy laws, and security best practices.
  • Excellent documentation, communication, and stakeholder management skills.

Preferred Skills

  • Relevant certifications such as CISM, CISA, ISO 27001, CIPM, or CRISC.
  • Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust, or similar).
  • Knowledge of cloud security and SaaS vendor risk assessments.