Skills: GRC, Data Privacy, Risk Management, ISO 27001, SOC 2
Full-time
professional certificate
Posted 47d ago
~40 hrs/week
Responsibilities
Maintain the organization's integrated risk management framework and lead the implementation and auditing of the data privacy program. Ensure global regulatory compliance through risk assessments, policy management, and third-party due diligence.
Requirements
Requires 8-10 years of experience in GRC, Information Security, or IT Audit, with 2-4 years specifically in Data Privacy. Preferred certifications include CISA, CRISC, or CISM, along with familiarity with AWS and GRC tools.
Full job description
Role Overview
We are seeking a detail-oriented GRC & Data Privacy Analyst to join our security team. In this role, you will be responsible for maintaining our integrated risk management framework while taking a lead role in implementing and auditing our data privacy program. You will ensure that our operations remain compliant with global regulations (GDPR, PDPA, etc.) while identifying and mitigating risks across the organization.
Key Responsibilities
Governance & Risk Management
Framework Alignment: Maintain and mature the organization’s security framework (e.g., ISO 27001, SOC 2 and Singapore MAS).
Risk Assessments: Conduct annual and project-based risk assessments; maintain the Corporate Risk Register and track remediation efforts.
Policy Management: Draft, review, and update internal security policies and standards to ensure they reflect current business processes.
Third-Party Risk Management (TPRM): Evaluate the security posture of vendors and partners through assessments and due diligence reviews.
Data Privacy Implementation
Privacy Impact Assessments (PIAs/DPIAs): Lead the evaluation of new products or processes to ensure "Privacy by Design" is integrated into the development lifecycle.
Data Mapping: Maintain a comprehensive record of processing activities (ROPA) and data flow diagrams.
Privacy Operations: Manage the Data Subject Access Request (DSAR) process and coordinate responses to privacy-related inquiries.
Compliance Monitoring: Monitor changes in global privacy laws and translate them into actionable technical or procedural requirements for the IT and Product teams.
Compliance & Auditing
Internal Audits: Perform regular control testing to ensure ongoing compliance with internal policies and external regulations.
External Audit Liaison: Serve as the primary point of contact for external auditors during certification cycles.
Awareness Training: Develop and deliver training content on security best practices and data handling requirements for all employees.
Required Qualifications
Experience: 8–10 years in GRC, Information Security, or IT Audit, with at least 2–4 years specifically focused on Data Privacy.
Certifications (Preferred): CISA, CRISC, or CISM.
Technical Skills: Familiarity with GRC tools (Sprinto) and a solid understanding of cloud security (AWS).
Regulatory Knowledge: Deep understanding of GDPR, PDPA, and industry standards like ISO 27001, SOC 2 and Singapore MAS.
Soft Skills for Success
The "Translator" Ability: Can explain complex legal requirements to developers and technical risks to executives.
Analytical Rigor: A passion for documentation and a "trust but verify" mindset.
Adaptability: Comfortable navigating the gray areas of emerging privacy legislation.
A modular BaaS platform offering a full suite of banking services through a single integration.
Industry
Financial Services
Company size
51-200 employees
Founded
2019
Headquarters
Singapore
HugoHub is a BaaS platform, offering a full suite of modular banking services through a single integration that is user-friendly and accessible. It allows you to mix and match financial services to create unique and seamless experiences that delight.
HugoHub is the core technology serving the WealthCare App Hugosave in Singapore as well as HugoBank, a digital bank to be launched in Pakistan.
HugoHub comprises 5 Product Pillars made available to our clients:
Accounts, Wallets & Payments
Card Programmes
Wealth, Savings & Investments
Credit, Lending & Insurance
Full Stack BaaS (Banking as a Service)
Bank of API’s
Contact [email protected] for more information