Website:
nextpower.com
Job details:
Role: Senior Governance, Risk, and Compliance (GRC) Analyst
Experience: 5-7+yrs
Primary/mandatory skill sets: SOC 2, ISO 27001, GRC tooling (Vanta, Drata, Archer, OneTrust, etc.)
Budget: 15LPA + Stocks
About the Role
We are seeking a highly skilled Senior GRC Analyst to join our team and strengthen our governance, risk, and compliance programs. This role is critical in ensuring our organization maintains strong security practices, regulatory compliance, and effective risk management. You will collaborate with IT, security, legal, audit, and business stakeholders to build and mature our GRC framework, drive compliance initiatives, and mitigate risks across the enterprise.
Key Responsibilities
- Governance & Policy Development
- Develop, update, and maintain security and compliance policies, standards, and procedures.
- Ensure alignment with industry frameworks such as ISO 27001, NIST CSF, SOC 2, HIPAA, PCI-DSS, and GDPR.
- Educate business units on compliance requirements and governance standards.
- Risk Management
- Lead enterprise and IT risk assessments, identifying, evaluating, and prioritizing risks.
- Recommend and track remediation plans to address control gaps and vulnerabilities.
- Manage third-party/vendor risk assessments and ongoing due diligence.
- Compliance & Audit Readiness
- Support internal and external audits (e.g., SOC 2, PCI-DSS).
- Maintain compliance evidence repositories and audit documentation.
- Monitor changes in regulations and industry standards to ensure ongoing compliance.
- Security Awareness & Training
- Contribute to compliance training and awareness programs for employees.
- Promote a culture of compliance and risk awareness across the organization.
- Metrics & Reporting
- Develop dashboards and reports that communicate risk and compliance status to leadership.
- Provide recommendations for improving governance and compliance maturity.
Qualifications
- Education: Bachelor’s degree in Information Security, Risk Management, Business Administration, or a related field (Master’s degree a plus).
- Experience: 5–7+ years of experience in GRC, risk management, compliance, or related roles, with demonstrated experience leading initiatives or mentoring junior staff.
- Certifications (Preferred): CGRC, CISSP, CISM, CRISC, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent.
- Technical & Professional Skills:
- Strong knowledge of compliance frameworks and risk management methodologies.
- Hands-on experience with GRC platforms such as Vanta, Drata, Archer, or OneTrust.
- Proven ability to work collaboratively, resolve challenges strategically, and communicate complex ideas clearly in both written and spoken form.
- Strong analytical, problem-solving, and organizational abilities.
Why Join Us
- Opportunity to play a key role in shaping and maturing our GRC program.
- Collaborative and supportive environment with exposure to leadership.
- Professional development opportunities and support for certifications.
- Competitive compensation and benefits package.