Amazure Technologies Pvt Ltd
Website: amazuretec.com
Job details:
Job Title: Senior Consultant – GRC & Data Security
Location: Pune
Experience: 6+ years (BFSI / NBFC experience preferred)
Role Objective
The role is responsible for driving Information Security Governance, Risk & Compliance (GRC) and Data Security initiatives across the NBFC, ensuring compliance with RBI regulations, DPDPA 2023, ISO 27001, and internal security policies. The position will work closely with IT, Legal, Compliance, Business, and third-party vendors to strengthen the organization’s security and data protection posture.
Key Responsibilities
1. Governance & Compliance
- Drive implementation and ongoing compliance with:
  - RBI Cyber Security Framework for NBFCs
  - RBI IT Governance & Outsourcing Guidelines
  - DPDPA 2023 and associated rules
  - ISO 27001 / SOC 2 (if applicable)
- Develop, review, and maintain:
  - Information Security policies, standards, and procedures
  - Data protection and privacy policies
- Support internal and external audits, regulatory inspections, and management reviews.
2. Risk Management
- Conduct enterprise-level and application-level information security risk assessments.
- Maintain Risk Register, track mitigation actions, and report residual risks.
- Support risk acceptance and exception management with proper approvals.
3. Data Security & Privacy
- Implement and operationalize data classification, data handling, and data retention policies.
- Support DPDPA readiness, including:
  - Data discovery and mapping
  - Consent management requirements
  - Data principal rights processes
  - Breach notification support
- Work with IT teams on:
  - Data encryption (at rest & in transit)
  - DLP controls (email, endpoint, cloud)
  - Secure data sharing mechanisms
4. Security Assurance & Operations Support
- Oversee VAPT, configuration reviews, and security assessments.
- Track vulnerability remediation and compliance with defined SLAs.
- Participate in incident response from a governance and compliance perspective.
- Review and approve security aspects of change management (application & infra changes).
5. Metrics, Reporting & Awareness
- Define and track GRC KPIs/KRIs for senior management and Board reporting.
- Prepare dashboards for:
  - Compliance status
  - Risk posture
  - Audit findings and remediation
- Conduct security awareness and data privacy training for employees.
Key Skills & Competencies
Mandatory
- Strong understanding of:
  - RBI Cyber Security & IT Governance guidelines for NBFCs
  - ISO 27001 controls
  - DPDPA / data privacy principles
- Hands-on experience with:
  - Risk assessments & audits
  - Policy drafting and governance frameworks
  - Vendor risk management
- Ability to translate regulatory requirements into practical controls.
Preferred / Good to Have
- Experience with GRC tools
- Exposure to cloud security (AWS / Azure) from a governance standpoint
- Certifications: CISA / CISM / ISO 27001 LA / CIPM (preferred)
Stakeholder Management
- Work closely with:
  - IT & Engineering teams
  - Compliance & Legal teams
  - Business owners
  - External auditors and regulators
- Strong communication skills to interact with senior management and auditors.