Job Description & How to Apply Below
Location: Bengaluru
Job Title:
Policies and Standards Authoring Expert – GRC
Location:
Remote/Hybrid depending on company policy
Experience:
7–10 Years
Employment Type:
Full-Time
Position Overview:
We are seeking a seasoned Policies and Standards Authoring Expert to lead the creation, revision, and governance of enterprise-wide Information Security and GRC-related documentation. This role demands a deep understanding of cybersecurity frameworks, regulatory compliance obligations, and IT governance models across multiple geographies.
The ideal candidate will bring 7–10 years of hands-on GRC experience, with demonstrated expertise in developing policies, standards, procedures, and guidelines that align with industry best practices and organizational risk tolerance.
Key Responsibilities:
Author, review, and maintain a comprehensive library of information security, privacy, and IT governance policies and standards.
Ensure all documentation aligns with leading frameworks such as NIST CSF, NIST 800-53, ISO 27001, SOC 2, PCI DSS, HIPAA, DORA, and GDPR.
Collaborate with legal, risk, privacy, audit, IT, and business teams to ensure policies are fit-for-purpose, legally defensible, and practically enforceable.
Maintain a robust policy lifecycle governance process, including version control, approvals, and periodic review schedules.
Develop accompanying procedures and guidelines to support policy adoption and operational integration.
Lead internal reviews and gap assessments to benchmark policies against evolving regulatory or contractual requirements.
Serve as subject matter expert on policy-related inquiries from internal stakeholders, regulators, and auditors.
Required Qualifications:
7–10 years of experience in Governance, Risk & Compliance (GRC), with a strong focus on policy and standards development.
In-depth understanding of security and privacy regulatory frameworks, including but not limited to NIST, ISO, SOX, GDPR, HIPAA, and PCI DSS.
Demonstrated expertise in writing formal governance documents for global or multinational enterprises.
Excellent written communication skills, with proven ability to translate complex technical and legal content into clear, accessible policy language.
Experience in policy management tools or document governance platforms (e.g., Service Now GRC, Archer, or SharePoint).
Familiarity with organizational policy governance structures, risk ownership models, and compliance assurance practices.
Preferred Qualifications:
Certifications such as CISA, CISM, CGEIT, CISSP, CRISC, or equivalent.
Experience supporting regulatory audits or internal/external assessments related to policy compliance.
Knowledge of cross-border regulatory differences between the US, UK, Canada, and the EU.
Experience integrating policy frameworks with third-party risk, privacy, or secure software development standards.
Key
Competencies:
Precision-focused communicator with mastery in formal policy writing and editorial standards.
Risk-aware strategist who understands how to balance security, compliance, and business flexibility.
Strong collaboration and influence skills, able to align diverse stakeholder groups behind clear policy requirements.
Highly organized and methodical, with a structured approach to policy lifecycle management and control mapping.
Adaptive to regulatory change and evolving threat landscapes, with a mind-set for continuous improvement.
Note that applications are not being accepted from your jurisdiction for this job currently via this jobsite. Candidate preferences are the decision of the Employer or Recruiting Agent, and are controlled by them alone.
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
To Search, View & Apply for jobs on this site that accept applications from your location or country, tap here to make a Search:
Search for further Jobs Here:
×