
GRC Analyst

Job in 411001, Pune, Maharashtra, India
Listing for: Qualys
Full Time position
Listed on 2026-02-08
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Business Analyst
Job Description:

Job Title:

GRC Analyst

Function:
Governance, Risk and Compliance (GRC)

Education:

Bachelor’s degree in Information Technology, Information Security, Risk Management, Business Administration, Finance, or a related discipline

Professional certifications are a plus.

Role Overview:

The GRC Analyst is responsible for identifying, assessing, monitoring, and reporting risks associated with third‑party vendors, service providers, and outsourced relationships. The role ensures third‑party engagements align with the organization’s risk tolerance, regulatory requirements, and internal control standards.

This position plays a critical role in operational resilience, cybersecurity risk management, regulatory compliance, and governance.

Key Responsibilities:

Risk Identification:

- Conduct comprehensive assessments of potential technical risks associated with the organization's systems, infrastructure, and technology projects.
- Have a good working understanding of IT infrastructure systems and devices from a security perspective, such as servers, virtualization, cloud, applications, databases, network switches, routers, firewalls, load balancers, etc.
- Stay abreast of industry trends, emerging technologies, and potential vulnerabilities that may impact the organization's technical landscape.

Risk Assessment:

- Evaluate the potential impact and likelihood of identified risks, considering both internal and external factors.
- Work closely with technical teams to assess the security posture of systems and applications through vulnerability assessments and penetration testing.
- Have a good understanding of systems and solutions such as Active Directory (AD), email, DNS, DLP, antivirus, EDR, SIEM, etc.
- Be able to articulate the business risks associated with technical vulnerabilities and risks.

Third‑Party Risk Assessment & Monitoring

- Perform end‑to‑end third‑party risk assessments during onboarding, periodic reviews, and event‑driven triggers
- Assess vendor risks across multiple domains, including:
  - Information Security
  - Data Privacy
  - Business Continuity & Disaster Recovery
  - Operational Risk
  - Regulatory and Compliance Risk
- Evaluate vendor responses, supporting evidence, and attestations for adequacy and accuracy

Issue Management & Remediation

- Identify control gaps, weaknesses, and risk issues arising from third‑party assessments
- Work with vendors and internal stakeholders to define remediation plans
- Track remediation actions and validate closure evidence

Risk Reporting & Metrics

- Maintain third‑party risk registers, risk ratings, and issue logs
- Prepare risk reports, dashboards, and key risk indicators (KRIs) for management
- Support risk committees, governance forums, and senior leadership reporting

Stakeholder & Vendor Engagement

- Partner with procurement, legal, compliance, information security, privacy, and business teams
- Act as a point of contact for third‑party risk‑related queries
- Support contract reviews by providing risk inputs related to vendor engagements

Regulatory, Audit & Governance Support

- Support internal audits, regulatory examinations, and client due diligence requests related to third‑party risk
- Ensure alignment with applicable regulations and frameworks (e.g., FedRAMP, RBI, GDPR, ISO, SOC)
- Assist in maintaining third‑party risk policies, standards, and procedures

Process Improvement & Tooling

- Contribute to improvements in TPRM processes, assessment methodologies, and workflows
- Assist in enhancements or implementations of GRC platforms (e.g., Archer, ServiceNow, MetricStream)
- Support automation and data quality initiatives within the TPRM program.

Required Skills & Competencies:

Risk & Compliance Knowledge

- Strong understanding of third‑party risk management lifecycle
- Working knowledge of technology, cyber, and operational risk concepts
- Familiarity with regulatory expectations and risk management frameworks

Tools & Technology

- Experience using GRC platforms or vendor risk tools
- Strong proficiency in Excel and reporting tools
- Ability to analyze data and produce clear, actionable insights

Communication & Collaboration

- Strong written and verbal communication skills
- Ability to engage…