Job Description:

Role Summary

We are seeking a motivated GRC Associate to join the Information Security team. This entry-level role is ideal for fresh graduates or candidates with 1-2 years of experience who are passionate about cybersecurity, governance, risk, and compliance. You will support the implementation of our security policies, risk assessments, control testing, third-party risk reviews, audits, and regulatory compliance activities under guidance from senior team members.

Department: Infosec

Skills Required: Risk Management, Infosec, Cyber Security, Auditing

Role:

Key Responsibilities

Assist in developing, reviewing, and maintaining information security policies, standards, and procedures.
Support risk assessments for applications, infrastructure, and business processes; document risks, controls, and remediation plans.
Perform basic control testing and evidence collection for frameworks such as ISO/IEC 27001, SOC 2, NIST CSF/800-53, PCI DSS (as applicable).
Help coordinate internal and external audits; track findings, actions, and closure.
Contribute to third-party/vendor risk assessments: distribute questionnaires, review responses, and follow up on gaps.
Assist with compliance obligations (e.g., data protection, privacy, and regulatory requirements) and maintain compliance artefacts.
Maintain GRC registers and dashboards (risk register, issues, exceptions, controls, assets).
Support security awareness and training campaigns; prepare communication material and metrics.
Document processes, SOPs, and working instructions for repeatable GRC activities.
Participate in incident post-mortems for governance inputs (lessons learned, corrective/preventive actions).
Generate periodic reports and metrics for stakeholders and management.

Qualifications

Bachelor's degree in Computer Science, Information Technology, or related field.
0-3 years of experience (internships/projects in cybersecurity, GRC, audit, or risk are a plus).
Foundational understanding of information security concepts: CIA triad, controls, risk, vulnerabilities, and threats.
Familiarity with at least one security framework or standard (e.g., ISO 27001, SOC 2, NIST, PCI DSS, COBIT, GDPR/DPDP Act basics).
Basic knowledge of IT infrastructure, cloud, networks, and application security principles.
Proficiency with MS Excel/Sheets, PowerPoint, Word; comfort with ticketing and GRC tools.

Education/Qualification: Bachelor of Engg./Tech.

Designation: Information Security - GRC Associate