
Job title: Deputy / Manager - Cybersecurity Governance, Risk & Compliance (GRC)
Roles & Responsibilities:
- We are seeking a highly motivated and detail-oriented Cybersecurity GRC Manager to lead our information security governance and compliance initiatives.
- The ideal candidate will have deep expertise in implementing and managing ISO 27001:2022, SOC 2, ITGC audits, third-party risk assessments, and cybersecurity awareness programs, with strong skills in risk dashboarding and executive reporting.
Key Roles & Responsibilities:
Governance & Compliance
- Ongoing management of ISO/IEC 27001:2022, SOC 2 Type I/II, and other security frameworks.
- Coordinate and support internal/external ITGC audits and ensure timely closure of observations with evidence.
- Design and maintain ISMS scope, policies, procedures, and SOA documentation aligned with regulatory and business requirements.
- Drive compliance with data protection laws, especially India's Digital Personal Data Protection (DPDP) Act, and assist in conducting Data Protection Impact Assessments (DPIAs).
Risk & Reporting
- Conduct regular cybersecurity risk assessments, maintain risk registers, and track mitigation activities.
- Develop and maintain executive-level dashboards to present risk posture, audit findings, and compliance metrics.
- Facilitate cybersecurity maturity assessments and build improvement roadmaps.
Third-Party Risk Management (TPRM)
- Implement and manage vendor onboarding, due diligence, and ongoing security assessments based on business criticality and data sensitivity.
- Create and maintain a centralized vendor inventory with risk classifications and mapped business functions.
User Awareness & Incident Handling
- Lead cybersecurity awareness & training programs through LMS, mailers, phishing simulations, and classroom sessions.
- Support the management of security incidents, track root causes and corrective actions, and report to stakeholders.
Qualification & Skills:
Education:
- Graduate degree in any discipline, preferably one related to computing or security (B.Tech, BCA, MCA, MBA, etc.).
Certifications (Preferred):
- ISO 27001:2022 Lead Implementer / Lead Auditor.
- SOC 2 Readiness / Auditor Training.
- NIST CSF Practitioner.
- DPDP/Privacy Law Practitioner.
- CRISC / CISA.
Experience: 6+ years in Cybersecurity Governance, Risk Management, and Compliance.