Prepare for Your Crisil Interview with Real Experiences!
View interviews
AmbitionBox
Search
Jobs
- Reviews
- Salaries
- Interview Questions
- About Company
- Benefits
- Jobs
- Office Photos
- Community
Add office photos
Engaged Employer
i
This company page is being actively managed by
Crisil Team. If you also belong to the team, you
can get access from
here
Crisil
Compare
All Filters
667 Crisil Jobs
Manager Infosec GRC
CRISIL
·
8-13 years
₹ 12L/yr - 33.5L/yr (AmbitionBox estimate)
This is an estimate of the average salary range for this
position. It has not been reviewed by the company, and
the actual salary may differ.
Mumbai
1 vacancy
Manager Infosec GRC
Crisil
posted 3+ weeks ago
Job Role Insights
Flexible timing
Key skills for the job
Job Description
Department: Information Security
Location: Mumbai
Reports to: IS GRC Head
Employment Type: Full-time
Job Purpose:
This role is responsible for driving the organization s Information Security Governance, Risk, and Compliance (GRC) function, Industry standards (ISO 27001, NIST CSF), and regulatory requirements. The candidate will lead internal audits, vendor risk governance, SOC 2 readiness, automation initiatives, client assessments, and security awareness across the enterprise while managing a team of security professionals.
Key Responsibilities:
Governance, Risk & Compliance
Implement and maintain a scalable Information Security GRC framework based on ISO 27001, NIST Cybersecurity Framework, and applicable regulatory requirements (RBI, SEBI, IRDAI, DPDPA).
Manage the information security policy lifecycle, risk registers, and control objectives across business units.
Lead the exception management process, including impact assessments, approval workflows, and periodic reviews.
Internal Audit & Control Testing
Plan and execute periodic internal audits, control design evaluations, and operational effectiveness testing for IT and cybersecurity controls.
Coordinate external assessments, including SOC 2 readiness, ISO 27001 surveillance audits, and customer/compliance audits.
Track and close audit findings with clear ownership, root cause analysis, and sustainable remediation plans.
Vendor Risk Management (End-to-End)
Oversee the Third-Party Risk Management (TPRM) lifecycle: onboarding, risk assessment, security clauses, ongoing monitoring, and exit governance.
Drive continuous oversight of critical vendors based on data exposure and service criticality, using automated tools where feasible.
Automation & Tooling
Identify manual GRC activities suitable for automation; perform POCs, evaluate tools, and drive implementation.
Lead automation initiatives for risk assessments, control testing, evidence gathering, and exception workflows.
SOC 2 & Compliance Readiness
Lead organizational readiness for SOC 2 Type 1 and Type 2 audits, working with Business SPOCs, application owners and control owners.
Align existing practices to SOC trust service criteria (Security, Availability, Confidentiality).
Security Training & Awareness
Develop and deliver cybersecurity training and awareness programs tailored to various stakeholder groups (employees, management, vendors).
Promote a risk-aware culture and drive ongoing compliance awareness campaigns.
Incident Response Oversight
Support and enhance the incident response governance process by aligning it with NIST CSF framework.
Ensure roles, responsibilities, and reporting mechanisms are clearly defined and followed during incidents.
Oversee the documentation of lessons learned, RCA, and incorporation of incidents into risk registers.
Reporting & Stakeholder Engagement
Prepare and present dashboards, heatmaps, and reports for executive management, audit committees, and the board.
Maintain governance KRIs and provide insights into risk trends, audit closures, and compliance status.
Serve as a key liaison during client assessments, RFP security responses, and due diligence efforts.
Team Leadership
Manage, mentor, and upskill a team of GRC analysts and specialists.
Allocate responsibilities, track performance, and foster collaboration across IT, Legal, Procurement, and Business teams.
Key Requirements:
Qualifications:
Bachelor s/Master s in Information Security, Computer Science, or related field.
Professional certifications preferred: CISA, CRISC, ISO 27001 LA, CISSP, CCSK, or equivalent.
Experience:
8+ years of experience in Information Security GRC, IT Risk, and Regulatory Compliance.
Strong expertise in internal audits, control testing, and vendor security governance.
Hands-on experience in managing SOC 2, ISO 27001, or similar frameworks.
Demonstrated leadership in team management and multi-stakeholder coordination.
Exposure to automating GRC functions using platforms like ServiceNow GRC, Archer, OneTrust, or similar.
Skills & Competencies:
Strong analytical, documentation, and reporting skills.
Effective communication across technical and business audiences.
High level of integrity, ownership, and stakeholder management.
Employment Type: Full Time, Permanent
Read full job description
What people at Crisil are saying
Rating based on 53 Manager
reviews
Anonymous · Risk Management & Compliance
in Mumbai
Likes
Job security is a great plus
- Skill development - Good
+1 more
Dislikes
Work life balance is not upto the mark
Manager salary at Crisil
reported by
455
employees
with 5-14
years exp.
₹19.1
L/yr - ₹34.7
L/yr
53%
more
than the average Manager Salary in India
View more details
What Crisil employees are saying about work life
based on 1.7k employees
Flexible timing
Monday to Friday
No travel
Day Shift
Crisil Benefits
View more benefits
Compare Crisil with
IKS Health
Compare
Indegene
Compare
Acuity Knowledge Partners
Compare
Baroda Global Shared Services
Compare
Mu Sigma
Compare
Nielsen
Compare
Netscribes
Compare
Clarivate
Compare
Sutherland Healthcare Solutions
Compare
Cotiviti
Compare
GlobalData
Compare
Global Healthcare Billing Partners
Compare
Karvy Data Management Services
Compare
Prochant
Compare
Essjay Ericsson
Compare
Markets and Markets
Compare
C5i
Compare
Matrix Business Services
Compare
Athenahealth Technology
Compare
Scientific Publishing Services
Compare
Similar Jobs for you
Crisil Mumbai Office Location
Mumbai Office
CRISIL, Central Avenue, Hiranandani Business Park, Powai
Mumbai
Maharashtra 400076
Maharashtra 400076
Manager Infosec GRC
8-13 Yrs
₹ 12L/yr - 33.5L/yr (AmbitionBox estimate)
Mumbai
Auditing, Procurement, Automation +7 more
Business Analyst (Third Party payroll )
4-6 Yrs
₹ 8.2L/yr - 11.2L/yr (AmbitionBox estimate)
Mumbai
Sales, Project Management, SAP SD +18 more
Desktop Support Engineer - Hyderabad - Third Party payroll
3-4 Yrs
Hyderabad / Secunderabad
Software, Networking, Office +8 more
Senior Associate
0-1 Yrs
Mumbai
Finance, Investment Banking, Accounting +13 more
Associate Transaction Banking
3-5 Yrs
₹ 2.8L/yr - 11.5L/yr (AmbitionBox estimate)
Mumbai
Advanced Excel, Analytics, Business Management +5 more
Regulatory Manager
7-12 Yrs
Mumbai
Operations, Trade Finance, Forex +7 more
Project Manager And Scrum Master
5-7 Yrs
Mumbai
Computer Science, Project Management, Information Technology +4 more
Assistant Manager - TA (IT Recruiter)
4-10 Yrs
Mumbai
Computer Science, Talent Acquisition, C++ +6 more
Share an Interview