L3 – Vulnerability Management, Risk and Compliance Lead

Hi, We have 4 open positions for the below role in Mumbai, Secondary location is Pune. Interested candidates can email their updated profiles to [HIDDEN TEXT] alongwith the following details : Current CTC, Expected CTC, Notice period, Preferred location : Mumbai / Pune

L3 – Vulnerability Management, Risk & Compliance Lead

Job Summary :

ITCI Cyber Security team is looking for the role which is accountable for leading the organization's end-to-end vulnerability lifecycle and aligning risk and compliance efforts with regulatory mandates such as RBI Master Directions and SEBI Cybersecurity Framework. The individual will ensure timely vulnerability detection, validation, remediation governance, and risk-based prioritization. The role also anchors all compliance readiness activities across cybersecurity, translating control gaps into actionable security initiatives while coordinating with internal and external audit functions.

Key Responsibilities :

• Lead the overall vulnerability management lifecycle across infra and application assets (VM, risk scoring, remediation tracking).
• Own end-to-end delivery of VM scans, validation cycles, and risk-based prioritization using tools like Tenable / Nessus.
• Map vulnerabilities to business risk and generate executive-level dashboards with risk exposure summaries.
• Define and maintain risk treatment plans per RBI and SEBI frameworks, coordinating with infra and app teams.
• Conduct compliance checks, technical control validations, and support readiness for RBI / SEBI / ISO audits.
• Perform monthly risk posture reviews, threat trend reporting, and mitigation progress evaluations.
• Oversee gap assessments against RBI Master Direction, SEBI circulars, and DPDP data security provisions.
• Provide expertise in documenting technical controls, ISMS artifacts, and audit trails for internal and external audits.
• Engage with stakeholders to establish security exceptions, compensating controls, and policy deviation approvals.
• Build and maintain GRC tools and risk registers with role-based access and automated updates.

Key Skills & Certifications :

Show more

Show less

Skills Required

Iso 27001, Cisa, Qualys, crisc