
GRC Engineer (Security Governance & Compliance Associate)
About the role
This GRC Engineer role supports daily security control monitoring and risk documentation. It ensures compliance with telecom regulations, including TRAI and DOT, and maintains adherence to global standards, including ISO 27001 and NIST frameworks. The GRC Engineer provides foundational support for the Managed Security Services (MSS) GRC function. The primary objective is to assist in the day-to-day monitoring of security controls, maintain risk documentation, and support compliance activities related to telecom-specific regulations (TRAI, DOT) and global standards (ISO 27001, NIST).
Must-Have:
- 6+ years of experience, with a B.Tech/M.Tech/MCA educational background.
- Maintain cybersecurity policies, standards, and frameworks, and support policy awareness training.
- Assist in maintaining the risk register by tracking treatment plans and mitigation strategies, and support adherence to TRAI, DOT, DPDPA, GDPR, and SOC 2 regulatory standards.
- Monitor security controls and policy enforcement within the MSS environment for compliance.
- Organize and maintain compliance artifacts for audits, reviews, and regulatory reporting.
Nice-To-Have:
- Collate data for reporting on risk posture and compliance status to internal teams and customers. (Important for communication, but the core GRC work is prior to reporting)
- Provide support for security risk assessments, internal audits, and BCP/DR documentation. (Valuable support, but the direct maintenance and monitoring are more foundational)
- Coordinate with SOC to ensure incident handling and notification processes meet compliance standards. (Enhances incident response, but the primary GRC tasks are more about policy and risk management)

- Maintain cybersecurity policies, standards, and frameworks, and support policy awareness training.
- Collate data for reporting on risk posture and compliance status to internal teams and customers.
- Assist in maintaining the risk register by tracking treatment plans and mitigation strategies.
- Provide support for security risk assessments, internal audits, and BCP/DR documentation.
- Support adherence to Indian (TRAI, DOT, DPDPA) and global (GDPR, SOC 2) regulatory standards.
- Monitor security controls and policy enforcement within the MSS environment for compliance.
- Organize and maintain compliance artifacts for audits, reviews, and regulatory reporting.
- Coordinate with SOC to ensure incident handling and notification processes meet compliance standards.
About Nokia
India
Headquarters