Compliance

GRC Analyst

Help enterprise customers achieve and maintain ISO 27001, SOC 2, RBI, SEBI, IRDAI, DPDP, GDPR, HIPAA, and PCI DSS compliance through structured risk and audit programmes.

📍 Delhi / Mumbai / Remote 🗓 Full-time 📊 Mid
ISO 27001, SOC 2, PCI DSS, RBI, SEBI, IRDAI, DPDP, GDPR, HIPAA, gap assessment, risk management, audit, compliance

Ready to apply?

Send us your CV and a short note on why this role excites you.

Usually responds within 2 business days

About the Role

Security Brigade is hiring a GRC Analyst to join our compliance and audit practice. You will work directly with enterprise customers across BFSI, fintech, healthcare, SaaS, and government to deliver structured compliance engagements across Indian and global frameworks: RBI, SEBI, IRDAI, CERT-In, UIDAI AUA-KUA, NPCI / UPI, SAR, ISO 27001, SOC 2, PCI DSS, HIPAA, GDPR, and DPDP. You will run gap assessments, policy and control reviews, evidence collection, remediation planning, and audit-cycle closure, all backed by our Lemon platform for evidence and tracking. The role pairs you with senior compliance leadership for mentorship and with our offensive security teams for technical control validation.

What You'll Do

  • Run gap assessments against the framework that applies to the customer (ISO 27001, SOC 2, RBI, SEBI, IRDAI, DPDP, etc.)
  • Map customer policies, processes, and technical controls to framework requirements
  • Lead evidence-collection workflows; coordinate with customer engineering, IT, and operations teams
  • Draft regulator-ready or auditor-ready deliverables — gap reports, control matrices, remediation trackers, board-summary packs
  • Partner with our offensive security and audit teams to validate technical control effectiveness, not just policy presence
  • Manage engagement timelines and stakeholder communication
  • Drive remediation cycles and closure validation through to final certification or attestation
  • Contribute to internal frameworks, templates, and Lemon platform improvements

What We're Looking For

  • 2–4 years of GRC, compliance, internal audit, or risk-management experience in a services / consulting environment
  • Working knowledge of at least three major frameworks: ISO 27001, SOC 2, PCI DSS, RBI cybersecurity, SEBI CSCRF, IRDAI, HIPAA, GDPR, or DPDP
  • Comfortable running gap assessments, control reviews, and evidence-collection workflows end-to-end
  • Strong written communication — your reports go to CISOs, audit committees, and regulators
  • Comfortable working customer-side: meeting cadence, evidence requests, escalation handling
  • Ability to run multiple parallel engagements without dropping rigour
  • Working knowledge of cybersecurity controls beyond paperwork — you do not have to be a hands-on tester, but you should reason about technical controls credibly

What We Offer

  • Competitive salary aligned to experience
  • Hybrid + remote-friendly
  • Sponsorship for ISO 27001 Lead Auditor / Lead Implementer, CISA, CISM, or equivalent certifications tied to role progression
  • Direct mentorship from senior compliance leadership
  • Exposure to a wide compliance portfolio across Indian and global frameworks
  • Internal lab environment + research time

Quick Facts

Team: Compliance
Location: Delhi / Mumbai / Remote
Type: Full-time
Level: Mid
Posted: 1 May 2026