GRC Engineer | Codersbrain
Job Description
GRC Engineer
Company Overview
This opportunity is with a prestigious client who values extensive experience from top-tier firms. Candidates must have previously worked in a Big 4 company, reflecting a commitment to excellence in governance, risk, and compliance.
Job Summary
The GRC Engineer will own complete SOC2 audit processes, not in a support capacity but as a full-cycle engagement leader. You will drive risk, security, and compliance initiatives across the organization, ensuring robust internal controls and effective implementation of industry best practices to meet regulatory requirements and business objectives.
Responsibilities
- Governance, Risk & Compliance Assessments: Participate in end-to-end assessments including policy & procedure reviews, change management, and internal control measurements.
- Security Assessments & Implementation: Conduct comprehensive security assessments and provide implementation support based on frameworks such as ISO 27001:2022, NIST 800, NIST CSF, PCI DSS, and HITRUST; perform gap analysis, identify risks, and deliver actionable recommendations.
- Audit Readiness & Methodology: Lead the development and execution of risk methodologies, maintain updated mappings for SOC1, SOC2, and other industry regulatory requirements.
- Stakeholder Consultation: Act in a consulting role with internal business units, advising on internal controls, strategic initiatives, and upcoming audits.
- Liaison & Communication: Serve as the primary liaison for internal/external audits by engaging with auditors, external customers, and regulatory bodies.
- Reporting & Metrics: Support coordination, tracking, and reporting on divisional and business unit metrics by transforming raw data into meaningful risk metrics and reports.
Qualifications
- Experience: 8+ years in security compliance, governance, risk, and control roles with hands-on SOC2 audit experience.
- Big 4 Background: Prior work experience in a Big 4 company is mandatory.
- Certifications: Relevant certifications such as ISO 27001 Lead Auditor, SOC2 certification, or similar are preferred.
- Technical Skills: Proficiency in Security Operations Center (SOC) Analyst tasks, audit reporting, and GDPR auditing.
- Knowledge of Frameworks: Deep understanding of regulatory and compliance frameworks, including SOC1, SOC2, ISO 27001, NIST 800/NIST CSF, PCI DSS, and HITRUST.
- Analytical & Consulting Skills: Strong analytical, problem-solving, and communication skills, with the ability to work as a trusted advisor to business units.
- Educational Background: A Bachelor’s degree in Computer Science, Information Security, or a related field is required.
Preferred Skills
- Experience with conducting risk modeling, data analysis, and transforming data into actionable insights.
- Demonstrated ability to lead full lifecycle audit engagements, beyond support roles.
- Familiarity with consulting environments and working across matrix business structures.
- Strong interpersonal skills with a focus on building positive, entrepreneurial cultures.
Experience
- At least 8 years of relevant experience in security compliance, GRC, and audit engagements, particularly with full-cycle SOC2 audits.
Environment
- Location: Bengaluru.
- Work Setting: Full-time role in a dynamic, matrixed business environment that interacts with both internal and external stakeholders. Immediate start is preferred.
Growth Opportunities
Not Provided
Benefits
Not Provided