Location: Hyderabad

Roles & Responsibilities:

• Develop, review, and maintain internal policies, procedures, and standards across various business functions.

• Ensure alignment of internal governance frameworks with organizational objectives and risk appetite.

• Conduct internal risk assessments to identify, analyze, and evaluate operational, strategic, financial, and reputational risks

• Develop and implement risk mitigation strategies and controls, focusing on areas not directly driven by external regulations (e.g., internal process failures, data integrity, operational inefficiencies).

• Monitor and report on key risk indicators (KRIs) and risk trends, maintain and update internal risk registers

• Collaborate with various departments to embed risk awareness and management practices into their daily operations

• Design, implement, and monitor internal control frameworks to ensure adherence to company policies and internal standards.

• Conduct internal audits and reviews to assess the effectiveness of controls and identify areas for improvement.

• Prepare clear and concise reports, dashboards, and presentations for management on the status of internal governance, risk, and control activities.

• Communicate effectively with stakeholders across all levels of the organization regarding GRC matters.

• Identify opportunities to streamline GRC processes and enhance efficiency through automation or process re-engineering.

• Stay informed about industry best practices in internal governance and risk management.

• Thoroughly review of all incoming information security requests (e.g., user access, system configuration changes, firewall rules creation/modifications, software installations, data access, third-party system integrations).

• Review and approve access requests to sensitive systems, applications, and data and validate justifications, roles, and least-privilege principles prior to approval.

• Identify and assess security risks and develop mitigation strategies.

• Conduct preliminary risk assessments for requests that may introduce new vulnerabilities or deviate from standard security practices.

• Collaborate with the Information Security team, IT operations, system owners, and business units to understand the business justification for requests and identify appropriate risk mitigation strategies.

• Maintain a comprehensive understanding of evolving security threats, vulnerabilities, and regulatory changes to inform approval decisions.

• Review and recommend exceptions to security policies and standards, identify and document any residual risks associated with approved exceptions, and ensure that compensating controls are in place for recommended exceptions, documenting the rationale, validity period, and expiration tracking.

• Communicate clearly and concisely with requestors, providing detailed explanations for approvals, denials, or requests for additional information.

• Contribute to the development and refinement of information security policies, procedures, and access control matrices.

• Maintain accurate and up-to-date documentation of approved requests, justifications, and any associated risk exceptions.

• Perform security reviews, identify gaps in security architecture, and develop a security risk management plan

• Evaluate security architectures and designs to determine the adequacy of security design and architecture proposed or provided in response to requirements

• Provide guidance and mentorship to junior security team members.