
Cyber GRC Lead; Governance, Risk & Compliance

Job in 530001, Visakhapatnam, Andhra Pradesh, India
Listing for: Herspiegel
Full Time position
Listed on 2026-02-04
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security, Data Security, IT Consultant
Job Description & How to Apply Below
Job Title: Cyber GRC Lead (Governance, Risk & Compliance)
Location: India
Employment Type: Contract – 0.75 FTE
Reports To: Global Vice President of Information Technology

Herspiegel is a global life sciences consultancy that guides pharmaceutical and biotech companies through their most decisive moments—powering commercial success and expanding patient access. From early asset strategy to launch readiness and market optimization, we help clients navigate complexity and seize opportunity. Our integrated approach brings together scientific insight, evidence strategy, deep market intuition, and executional precision to ensure brands are built to lead.

Position Summary
The Cyber GRC Lead is responsible for designing, implementing, and operating the organisation’s cyber governance, risk, and compliance framework, with a primary focus on SOC 2 and ISO 27001 readiness and audit preparation.
The role owns the GRC framework, policy suite, control library, evidence management, cyber risk register, and vendor security assessments, ensuring that security controls implemented by technical teams are properly governed, documented, evidenced, and audit-ready.
Enterprise risk acceptance, audit sign-off, and executive accountability for compliance outcomes remain with the Global VP of IT.
This role exists to remove the operational compliance burden from senior IT leadership and to provide a sustainable, repeatable compliance operating model.

Key Responsibilities
SOC 2 & ISO 27001 Framework Ownership
Own and operate the SOC 2 and ISO 27001 control frameworks, ensuring alignment between standards and organisational practices.
Define and maintain the control library, mapping controls to technical, operational, and organisational activities.
Ensure controls are clearly documented, scoped, and consistently applied.
Policy & Governance Management
Own the development, maintenance, and version control of information security and IT governance policies.
Ensure policies are aligned to SOC 2, ISO 27001, regulatory expectations, and customer assurance requirements.
Coordinate policy reviews, approvals, and periodic refresh cycles.
Evidence Management & Audit Readiness
Design and operate a centralised evidence management model for SOC 2 and ISO 27001.
Work with IT Operations and Cyber Security teams to collect, validate, and maintain audit evidence.
Prepare the organisation for external audits, readiness assessments, and surveillance activities.
Act as the primary day-to-day audit coordination lead.
Risk Management
Own and maintain the cyber risk register, including risk identification, assessment, treatment tracking, and reporting.
Support risk assessments and control gap analyses.
Escalate material risks and control gaps to the Global VP of IT for decision and risk acceptance.
Vendor & Third-Party Security Assurance
Own the vendor security assessment framework, including questionnaires, evidence review, and risk scoring.
Support supplier onboarding and periodic reviews from a security assurance perspective.
Work with Procurement, Legal, and IT to ensure third-party risks are understood and tracked.
Customer & Commercial Security Support
Support customer security questionnaires, assurance requests, and compliance artefacts by providing authoritative governance and control evidence.
Enable faster, more consistent responses to customer due diligence and renewal activities.

Decision Authority
The Cyber GRC Lead has authority to define and operate governance frameworks, policies, control libraries, and evidence processes.
Risk acceptance, control exceptions, audit sign-off, and external compliance attestations remain the responsibility of the Global VP of IT.
Where material control gaps or audit risks are identified, these are escalated for executive decision.

Required Skills & Experience
Experience
Proven experience in a GRC, security compliance, or audit readiness role.
Hands-on experience delivering SOC 2 and/or ISO 27001 readiness programmes.
Experience working with auditors, assessors, and internal stakeholders.
Technical & GRC Skills
Strong understanding of the latest SOC 2 Trust Services Criteria and ISO 27001 controls.
Experience…