Job Description
Senior Manager IT Governance Risk And Compliance – Pune
Job highlights
Bachelor’s or master’s degree in IT, Computer Science, or Cybersecurity; 6-8 years of experience in IT Governance, Risk Management, and Compliance; preferred certifications include CISA, CRISC, ISO 27001 LA/LI, CISM
Lead the design and implementation of IT governance, risk management, and compliance framework; manage policy lifecycle and risk registers; ensure compliance with regulatory standards
Work Experience: 6 – 8 Years
Location: Pune
1 Vacancy
Not disclosed
Must have key skills
Cyber Security, IT Risk Management, Information Security, IT Governance
Other key skills
IT Security
Job description
What you’ll do
Job Title: Senior Manager IT Governance, Risk & Compliance (GRC)
Reporting To: Head Information Security
Job Location: Pune
Experience: 6-8 Years
Qualification:
Bachelor’s or master’s degree in Information Technology, Computer Science, or Cybersecurity.
Preferred certifications: CISA, CRISC, ISO 27001 LA/LI, CISM or equivalent.
Experience Required:
Minimum 6-8 years of experience in IT Governance, Risk Management, and Compliance, preferably within regulated industries such as Pharmaceuticals, BFSI, or Manufacturing.
Position Overview
The Senior Manager IT GRC will be responsible for leading the design, implementation, and continuous improvement of the organization’s IT governance, risk management, and compliance framework. The role involves ensuring alignment with industry standards, managing policy lifecycle, overseeing risk registers, and tracking compliance status across business units. The candidate will serve as the bridge between the IT Security team, business functions, and internal/external auditors.
Key Roles and Responsibilities
1. Governance and Policy Management
Develop, review, and maintain IT and cybersecurity policies, standards, and procedures in alignment with NIST, ISO 27001/27017/27018, and DPDP/GDPR frameworks.
Establish a policy lifecycle management process including drafting, approvals, version control, distribution, and periodic review.
Ensure all IT and security policies are effectively communicated and acknowledged across the organization.
Track and report policy compliance metrics and improvement actions to the CISO.
2. Risk Management
Lead the IT Risk Management program, including risk identification, assessment, mitigation planning, and tracking.
Maintain and update the Enterprise IT Risk Register and coordinate periodic risk reviews with stakeholders.
Perform risk-based assessments for new technologies, vendors, and business initiatives.
Support the design and monitoring of Key Risk Indicators (KRIs) and provide timely risk dashboards to leadership.
3. IT Compliance and Assurance
Drive compliance with internal policies, regulatory standards, and external audit requirements (e.g., ISO 27001, GDPR, DPDP, NIST).
Manage periodic ITGC, data privacy, and cybersecurity compliance assessments across departments and group entities.
Coordinate and support internal/external audits, ensuring timely closure of observations and corrective actions.
Maintain a centralized compliance tracking dashboard to monitor adherence and progress.
4. Reporting and Governance Support
Provide regular reports and dashboards on risk posture, compliance scorecards, and policy adherence for CISO and IT leadership reviews.
Support the Information Security Committee meetings by preparing agendas, minutes, and action trackers.
Contribute to management reviews and board-level presentations on the status of governance and compliance.
5. Continuous Improvement & Awareness
Identify and implement process improvement initiatives to enhance GRC efficiency through automation and analytics.
Conduct or support awareness programs and training sessions on risk and compliance for IT and business teams.
Collaborate with cross-functional teams (Legal, HR, Finance, Quality, etc.) to ensure enterprise-wide GRC alignment.
Qualifications & Skills
Education:
Bachelor’s or master’s degree in Information Technology, Computer Science, or Cybersecurity.
Preferred certifications: CISA, CRISC, ISO 27001 LA/LI, CISM or equivalent.
Technical & Professional Skills:
Strong understanding of IT governance frameworks (COBIT, NIST, ISO 27001).
Proficiency in risk management methodologies and compliance tracking tools.
Experience with policy lifecycle management systems and GRC platforms.
Excellent communication, stakeholder management, and documentation skills.
Analytical mindset with attention to detail and the ability to present complex data clearly.
Key Performance Indicators (KPIs)
% of IT policies reviewed and approved within defined timelines.
Reduction in high/critical IT risks through mitigation tracking.
Compliance audit closure rate and timeliness.
Risk and compliance dashboard accuracy and reporting frequency.
Awareness and training coverage across employees.
Industry type: Pharmaceutical & Life Sciences
Department: IT & Information Security
Role: IT & Information Security – Other
Role category: IT & Information Security – Other
Employment type: Full Time, Permanent
Education: B.Tech/B.E. in Information Science, Computers, MS/M.Sc(Science) in Computers, Cyber Security Engineering
About company
Emcure Pharmaceuticals is a leading Indian pharmaceutical company, recognized for our commitment to developing and manufacturing a diverse range of high-quality medicines. Founded in 1981 and headquartered in Pune, we have established a significant presence in both domestic and international markets.
Key Highlights About Emcure:
Product Range: We offer a diverse portfolio of formulations across various therapeutic areas, including oncology, cardiology, gynecology, and infectious diseases, as well as manufacturing active pharmaceutical ingredients (APIs).
Research and Development: Our strong emphasis on R&D enables us to invest in innovative technologies and processes for developing new drugs and enhancing existing ones.
Global Presence: Emcure exports products to over 70 countries, including regulated markets such as the United States and Europe, while adhering to international quality standards.
Manufacturing Facilities: Our state-of-the-art manufacturing plants comply with Good Manufacturing Practices (GMP) and are equipped with modern technology to ensure quality and efficiency.
Corporate Social Responsibility: We actively engage in CSR initiatives focusing on healthcare, education, and community development, reflecting our commitment to societal well-being.
For more information about our organization, please visit our website: www.emcure.com
Headquarters
P1 and P2, IT-BT Park, MIDC Phase II, Hinjawadi, Pune, Maharashtra, India