The Cybersecurity GRC & Assurance Consultant will play a pivotal role in safeguarding HCLTech’s operations and clients by leading governance, risk management, and compliance (GRC) initiatives. This position is instrumental in ensuring the organization’s cybersecurity posture meets global standards and regulatory requirements, supporting enterprise-wide transformation, and driving continuous improvement in security assurance and compliance across complex, multinational environments.
responsibilities :
Lead and support enterprise-wide cybersecurity governance, risk management, and compliance (GRC) programs.
Conduct regulatory compliance assessments (including DORA), gap analyses, and maturity evaluations aligned with business and regulatory requirements.
Develop and maintain risk registers, control frameworks, and remediation roadmaps.
Advise stakeholders on cyber risk posture, DORA-related compliance gaps, and mitigation strategies.
Drive compliance and assurance activities for industry and regulatory standards such as ISO/IEC 27001, NIST CSF 2.0, GDPR, NIS2 Directive, and DORA.
Interpret regulatory requirements and integrate them into actionable cybersecurity controls and processes.
Support regulatory readiness assessments and ongoing compliance monitoring.
Provide assurance and oversight across key cybersecurity control domains: threat & vulnerability management, incident response, IAM, network & infrastructure security, security logging, monitoring, and reporting.
Review and validate the design and operational effectiveness of cybersecurity controls.
Plan, coordinate, and execute internal and external cybersecurity audits, acting as the primary contact for auditors and assessors.
Manage audit evidence collection, walkthroughs, issue tracking, and closure of findings.
Support management responses and remediation plans for audit observations.
Lead or participate in cybersecurity and compliance implementation for DORA transformation programs.
Drive enhancements in cybersecurity processes, tools, and governance models.
Foster collaboration with IT, Security Operations, Risk, and Business teams to embed compliance into daily operations.
Support automation and continuous improvement of GRC processes.
requirements-expected :
8-10+ years of experience in cybersecurity, GRC, risk management, or compliance assurance.
Proven track record in leading cybersecurity assurance and GRC initiatives, including DORA, NIST, GDPR programs.
Hands-on experience managing external cybersecurity audits and regulatory assessments.
Experience in large enterprises or regulated sectors (BFSI, Telecom, Healthcare, Utilities, etc.).
In-depth knowledge of global cybersecurity frameworks and standards (ISO 27001, NIST CSF 2.0, GDPR, NIS2 Directive, DORA).
Strong understanding of enterprise cybersecurity control domains.
Demonstrated ability to assess control effectiveness and translate risk into business context.
Excellent stakeholder management and communication skills.
Ability to work independently and lead cross-functional projects.
Experience presenting to senior management and risk committees.
Structured, detail-oriented, and results-driven approach.
offered :
Life insurance
Private healthcare
MultiSport Card
Clear career path in a growing multinational organization
