Job Title:

GRC & ISO Specialists (2-10 years)

Company: Kirtane & Pandit

Location: Mumbai, Maharashtra

Created: 2026-02-22

Job Type: Full Time

Job Description:

Job Title: GRC & ISO Specialists (2-10 years)
Company: Kirtane & Pandit LLP
Location: Mumbai (Dadar, On site)

Role Overview

Kirtane & Pandit LLP is seeking experienced GRC & ISO Cybersecurity Professionals to join its Cybersecurity Division. The role involves designing, implementing, and assessing Governance, Risk & Compliance (GRC) frameworks and leading ISO certification engagements for clients across sectors.

Key Responsibilities

Governance, Risk & Compliance (GRC):
• Design, implement, and assess GRC frameworks aligned with business and regulatory requirements
• Conduct IT risk assessments, control gap assessments, and maturity assessments
• Support clients in developing cybersecurity policies, procedures, and standards
• Perform third-party/vendor risk assessments
• Support regulatory and compliance initiatives (e.g., RBI, SEBI, IRDAI, DPDP Act, etc.)

ISO & Standards Implementation:
• Lead and execute ISO certifications and audits such as:
  o ISO/IEC 27001 (ISMS)
  o ISO 22301 (BCMS)
  o ISO 27701 (Privacy)
  o ISO 20000-1 (ITSM) – good to have
• Conduct internal audits, readiness assessments, and surveillance audits
• Support clients through certification and recertification cycles
• Coordinate with certification bodies and external auditors

Client & Project Management:
• Interact with client stakeholders for requirement gathering and reporting
• Prepare risk assessment reports, audit reports, and management dashboards
• Manage multiple client engagements and ensure timely delivery
• Provide advisory recommendations and remediation roadmaps

Required Skills & Qualifications

• Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field
• 2-10 years of experience in GRC, ISO implementation, or cybersecurity consulting
• Strong understanding of:
  o Information Security & Risk Management
  o ISO 27001 controls and risk treatment methodology
  o Cybersecurity governance frameworks
• Hands-on experience in ISO audits and documentation

Preferred Certifications (One or more):
• ISO/IEC 27001 Lead Implementer / Lead Auditor
• CISA / CRISC / CISSP (preferred)
• CEH or equivalent cybersecurity certifications (good to have)

Key Competencies

• Strong analytical and documentation skills
• Client-facing and stakeholder management abilities
• Good communication and presentation skills
• Ability to work independently and in teams
• Attention to detail and structured approach to problem-solving
