About this role
<p><strong>Job Title: </strong>Cybersecurity GRC Specialist</p>
<p><strong>Location:</strong> Chennai</p>
<p><strong>Job Type: </strong>Onsite - Work from office</p>
<p><strong>Experience:</strong> 7+ years (with at least 5 years in GRC-focused roles)</p>
<hr>
<p><strong>About Neysa</strong>:</p>
<p>Neysa is an AI Acceleration Cloud System provider, dedicated to democratizing AI adoption with purpose-built platforms and services for AI-native applications and workloads. Co-founded by industry leaders, we empower businesses to discover, deploy, and scale Generative AI (Gen AI) and AI use cases securely and cost-effectively. Our flagship platforms—Neysa Velocis, Neysa Overwatch, and Neysa Aegis—accelerate AI deployment, optimize network performance, and safeguard AI/ML landscapes. We are committed to enabling AI-led innovation across industries and geographies.</p>
<hr>
<p><strong>Role Overview:</strong></p>
<p>We are looking for an experienced Governance, Risk & Compliance (GRC) Specialist to join our security team. In this role, you will own the end-to-end compliance lifecycle, covering certifications, security audits, and customer/vendor documentation, while equipping Sales and Customers with up-to-date security collateral. The ideal candidate brings a strong mix of compliance expertise, stakeholder management, and technical insight to drive both internal security programs and external customer trust.</p>
<hr>
<p><strong>Key Responsibilities:</strong></p>
<ol>
<li>Governance & Compliance
<ul>
<li>Design, implement, and manage security compliance programs across our on-premises private cloud infrastructure, aligned with ISO 27001, ISO 27017, ISO 27018, SOC 2, DPDPA, and PCI DSS.</li>
<li>Conduct risk assessments, gap analyses, and treatment planning with a focus on cloud environments.</li>
<li>Lead internal compliance readiness activities and manage external audits, ensuring timely closure of findings.</li>
<li>Maintain and enhance GRC documentation, including control matrices, risk registers, and compliance reports.</li>
<li>Develop and update security policies and procedures in line with evolving business and compliance needs.</li>
</ul>
</li>
<li>Customer & Stakeholder Engagement
<ul>
<li>Respond to customer security questionnaires, RFPs, and due diligence requests.</li>
<li>Maintain a central repository of security FAQs, certifications, and compliance collateral for Sales enablement.</li>
<li>Lead security-related discussions with customers, vendors, and auditors, ensuring transparency and trust.</li>
<li>Collaborate with DevOps, IT, and Infrastructure teams to integrate GRC requirements into the platform lifecycle and embed security-by-design principles.</li>
<li>Partner with SOC teams for threat detection, monitoring, and incident response use case development.</li>
</ul>
</li>
<li>Risk & Security Assessments (including VAPT)
<ul>
<li>Plan, conduct, and coordinate vulnerability assessments and penetration tests (VAPT) across applications, systems, and networks.</li>
<li>Support infrastructure hardening and maintain audit-ready evidence.</li>
<li>Work with internal teams and third-party vendors for specialized security assessments.</li>
<li>Analyze findings from vulnerability scans, penetration tests, and hardening reviews, providing actionable remediation guidance.</li>
<li>Collaborate with technical teams to prioritize risks, ensure secure configurations, and track remediation progress.</li>
<li>Assist in securing network and virtual infrastructure components (firewalls, WAF, proxy, VPN, segmentation).</li>
</ul>
</li>
</ol>
<hr>
<p><strong>Required Skills & Qualifications:</strong></p>
<ul>
<li>Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.</li>
<li>7+ years of cybersecurity experience, with at least 5 years in GRC-focused roles.</li>
<li>Proven experience in achieving and maintaining compliance with ISO 27001, ISO 27017, ISO 27018, SOC 2, DPDPA, and PCI DSS.</li>
<li>Experience with VAPT, vulnerability management, and remediation tracking.</li>
<li>Strong understanding of security frameworks such as NIST CSF, CIS Controls, and ISO standards.</li>
<li>Effective communicator with the ability to engage customer, engineering, operations, and executive stakeholders.</li>
<li>Excellent communication skills with the ability to simplify technical concepts for non-technical stakeholders.</li>
<li>Strong organizational and project management skills.</li>
</ul>
<hr>
<p><strong>Preferred Certifications:</strong></p>
<ul>
<li>GRC-focused: CISA, CISM, CRISC, CISSP, or ISO 27001 Lead Implementer/Auditor (minimum one).</li>
<li>Technical: CEH, OSCP, or equivalent (optional).</li>
</ul>