Information Technology Governance Manager

Role:
Governance Risk And Compliance Manager

Location:

Gurugram
Mode:
Work from Office

The  IT GRC Manager  is responsible for governing  enterprise IT processes, technology risks, and regulatory compliance  to ensure that IT systems, applications, and operations align with  business objectives, regulatory expectations, and internal control requirements .
This role focuses on  IT risk, IT controls, IT compliance, and assurance , not on security operations or SOC activities.

Key Responsibilities
IT Governance
Establish and maintain  IT Governance frameworks  aligned with  COBIT, ITIL, ISO 38500 , and internal enterprise governance models.
Ensure alignment of  IT strategy, architecture, and investments  with business objectives.
Define and monitor  IT policies, standards, and control objectives  across applications, infrastructure, cloud, and data platforms.
Support  IT steering committees  and executive decision-making with governance metrics and reports.

IT Risk Management
Identify, assess, and manage  IT risks , including:
Application & system risks
Infrastructure & cloud risks
Data integrity and availability risks
Change, release, and configuration risks
Maintain the  IT Risk Register  and ensure ownership, mitigation plans, and periodic reviews.
Facilitate  risk acceptance and exception management  processes.
Partner with IT, Engineering, and Architecture teams to embed  risk-based controls  into IT processes.

IT Compliance & Controls
Design, implement, and monitor  IT General Controls (ITGCs) , including:
Access management
Change management
IT operations & backup controls
Ensure compliance with applicable frameworks and regulations such as:
SOX ITGC (where applicable)
ISO 27001 (IT control alignment only)
SOC 1 / SOC 2 (IT control perspective)
Data protection regulations (IT enablement controls)
Track compliance status and remediate  control gaps and deficiencies .

Audit & Assurance
Act as the  primary IT interface for internal and external audits .
Coordinate  IT audits , walkthroughs, evidence collection, and remediation tracking.
Manage  audit observations, CAPs, and closure validation .
Ensure repeat audit issues are eliminated through  process improvements .

Third-Party & Technology Risk
Govern  IT vendor and third-party technology risks .
Review IT-related clauses in contracts (availability, data handling, continuity, audit rights).
Perform  IT risk assessments  for new systems, cloud services, and digital initiatives.
Monitor compliance and risk posture of critical IT vendors.

Process & Control Maturity
Drive maturity of  IT processes  such as:
Change & release management
Incident & problem management (governance view)
Capacity, availability, and DR governance
Support  BCP/DR governance testing  and compliance reporting.
Enable continuous improvement through  control automation and GRC tooling .

Key Skills & Competencies
Core Expertise
Strong knowledge of:
IT Governance & IT Risk Management
IT General Controls (ITGC)
Audit & assurance processes
Hands-on experience with  COBIT, ITIL, SOC, SOX IT controls .

Experience with  IT GRC platforms  (Service Now GRC, Archer, Metric Stream, One Trust, etc.).
Professional Skills
Strong analytical and documentation skills.
Ability to translate  IT risks into business impact .
Effective stakeholder management across IT, Audit, Risk, Legal, and Finance.
High attention to detail and structured execution.

It is our policy to provide equal employment opportunities to all individuals based on job-related qualifications and ability to perform a job, without regard to age, gender, gender identity, sexual orientation, race, color, religion, creed, national origin, disability, genetic information, veteran status, citizenship or marital status, and to maintain a non-discriminatory environment free from intimidation, harassment or bias based upon these grounds.