Cybersecurity - GRC Specialist

Chennai, Tamil Nadu, India

Job Title: Cybersecurity GRC Specialist

Location: Chennai

Job Type: Onsite - Work from office

Experience: 7+ years (with at least 5 years in GRC-focused roles)


About Neysa:

Neysa is an AI Acceleration Cloud System provider, dedicated to democratizing AI adoption with purpose-built platforms and services for AI-native applications and workloads. Co-founded by industry leaders, we empower businesses to discover, deploy, and scale Generative AI (Gen AI) and AI use cases securely and cost-effectively. Our flagship platforms—Neysa Velocis, Neysa Overwatch, and Neysa Aegis—accelerate AI deployment, optimize network performance, and safeguard AI/ML landscapes. We are committed to enabling AI-led innovation across industries and geographies.


Role Overview:

We are looking for an experienced Governance, Risk & Compliance (GRC) Specialist to join our security team. In this role, you will own the end-to-end compliance lifecycle, covering certifications, security audits, and customer/vendor documentation, while equipping Sales and Customers with up-to-date security collateral. The ideal candidate brings a strong mix of compliance expertise, stakeholder management, and technical insight to drive both internal security programs and external customer trust.


Key Responsibilities:

  1. Governance & Compliance
    • Design, implement, and manage security compliance programs across our on-premise private cloud infrastructure, aligned with ISO 27001, 27017, 27018, SOC 2, DPDPA, and PCI DSS.
    • Conduct risk assessments, gap analyses, and treatment planning with a focus on cloud environments.
    • Lead internal compliance readiness activities and manage external audits, ensuring timely closure of findings.
    • Maintain and enhance GRC documentation, including control matrices, risk registers, and compliance reports.
    • Develop and update security policies and procedures in line with evolving business and compliance needs.
  2. Customer & Stakeholder Engagement
    • Respond to customer security questionnaires, RFPs, and due diligence requests.
    • Maintain a central repository of security FAQs, certifications, and compliance collateral for Sales enablement.
    • Lead security-related discussions with customers, vendors, and auditors, ensuring transparency and trust.
    • Collaborate with DevOps, IT, and Infrastructure teams to integrate GRC requirements into the platform lifecycle and embed security-by-design principles.
    • Partner with SOC teams for threat detection, monitoring, and incident response use case development.
  3. Risk & Security Assessments (including VAPT)
    • Plan, conduct, and coordinate vulnerability assessments and penetration tests (VAPT) across applications, systems, and networks.
    • Support infrastructure hardening and maintain audit-ready evidence.
    • Work with internal teams and third-party vendors for specialized security assessments.
    • Analyze vulnerability scan, penetration test, and hardening findings, providing actionable remediation guidance.
    • Collaborate with technical teams to prioritize risks, ensure secure configurations, and track remediation progress.
    • Assist in securing network and virtual infrastructure components (firewalls, WAF, proxy, VPN, segmentation).

Required Skills & Qualifications:

  • Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field.
  • 7+ years of cybersecurity experience, with at least 5 years in GRC-focused roles.
  • Proven experience in achieving and maintaining compliance with ISO 27001, 27017, 27018, SOC 2, DPDPA, and PCI DSS.
  • Experience with VAPT, vulnerability management, and remediation tracking.
  • Strong understanding of security frameworks such as NIST CSF, CIS Controls, and ISO standards.
  • Effective communicator with the ability to engage customer, engineering, operations, and executive stakeholders.
  • Excellent communication skills with the ability to simplify technical concepts for non-technical stakeholders.
  • Strong organizational and project management skills.

Preferred Certifications:

    • GRC-focused: CISA, CISM, CRISC, CISSP, ISO 27001 Lead Implementer/Auditor. (Minimum One)
    • Technical: CEH, OSCP, or equivalent. (Optional)
