Skip to main content
Back to jobs

Senior Director - Governance, Risk, & Compliance (GRC)

External
Unisys logoUnisys · Bangalore, India
ContractOn-site5d ago
ComplianceDocumentationGDPRInformation SecurityLeadershipRisk Management
Cover LetterConnect

Prepare for this interview

Elite

AI-generated questions, company research, and talking points tailored to this role

Responsibilities

  • GRC Strategy & Governance
  • Define and execute the enterprise GRC strategy aligned to cybersecurity and business objectives
  • Establish governance frameworks, policies, standards, and operating models across GIS
  • Provide executive reporting to CISO, senior leadership, and Board-level committees on risk posture and compliance status
  • Drive continuous improvement of GRC maturity leveraging frameworks such as NIST CSF and ISO 27001
  • Risk Management (Cyber & IT Risk)
  • Own the Cybersecurity area within the Enterprise Risk Management (ERM) program including risk identification, assessment, mitigation, and reporting
  • Maintain and govern the centralized risk register in the GRC tool and ensure timely updates across BUs through the BISOs and other corporate functions.
  • Define risk appetite, tolerance, and escalation mechanisms
  • Facilitate risk-based decision-making processes including Policy exception and risk acceptance processes and criteria.
  • Compliance & Regulatory Management
  • Ensure compliance with global and regional regulatory requirements (e.g., SOX ITGC, NIS2, DORA, GDPR, CRA as applicable)
  • Govern adherence to industry standards and certifications: ISO 27001, ISO 22301, ISO 20000 and ISO 9000
  • Corporate SOC 1 Type II, Client Specific SOC 2 Type II
  • NIST, PCI-DSS, Cyber Essentials Plus and other regional certifications
  • Oversee internal controls design, testing, and remediation tracking
  • Act as the primary escalation point for compliance risks and audit findings
  • Audit & Assurance
  • Provide executive oversight for: Internal audits (IA), external audits, and regulatory reviews
  • Audit planning, execution coordination, and closure of findings
  • Govern audit partner relationships and ensure audit readiness across the organization
  • Ensure effective remediation and closure of audit findings within defined timelines
  • Third-Party Risk Management (TPRM)
  • Lead the enterprise TPRM program including: Risk assessments of suppliers and partners
  • Security clauses in supplier contracts
  • Partner with Procurement, Legal, and Privacy functions
  • Ensure continuous monitoring of third-party risk posture through Security Rating tools
  • Policy, Standards & Control Framework
  • Establish and maintain corporate information security policies, standards, and procedures
  • Ensure alignment with control frameworks (ISO, NIST)
  • Govern policy lifecycle management, including annual reviews, approvals, updates, and awareness.
  • Standardize documentation and ensure consistency across GIS artifacts
  • Security Awareness & Culture
  • Provide executive sponsorship to Security Awareness & Training programs
  • Ensure alignment of training with risk landscape and organizational priorities
  • Monitor effectiveness through metrics, reporting, and behavioral risk reduction
  • Business Continuity and Disaster Recovery
  • Define, implement and test Business Continuity and Disaster recovery plans across the defined scope of the enterprise.
  • Work closely with the Enterprise Resilience team to align Business Continuity Plans with Corporate Crisis Management plans
  • Business & Client Engagement
  • Support client security assurance activities: RFP/RFI responses
  • Security questionnaires
  • Contract and security exhibit reviews
  • Act as executive point of contact for key customers on security governance matters
  • Metrics, Reporting & Governance
  • Define KPIs/KRIs for all domains of GIS and report out through Monthly automated dashboards.
  • Lead governance forums such as: Risk Review Boards and Policy Exception Review Boards
  • Drive data-driven decision making and transparency across stakeholders
  • Preparation of slides for Board and CISO
  • Team Leadership
  • Lead a global GRC organization including Risk, Compliance, Audit, TPRM, Policy, BCM/DR functions
  • Provide leadership oversight to the GIS India associates as the 'GIS India leader' and build high-performing teams and ensure capability maturity
  • You will be successful in this role if you have:
  • Experience & Qualifications
  • 18-25+ years in IT / Information Security with: 12+ years in cybersecurity
  • 8+ years in GRC leadership roles
  • Strong experience across: Risk management, audit, compliance, and policy frameworks
  • Enterprise-scale GRC program leadership
  • Prior experience interacti

Benefits

Vision insurance

Additional Information

What success looks like in this role: The Senior Director - GRC is a strategic leadership role responsible for Creating the vision for the GRC program Clear understanding of the business and how the GRC function can be a business enabler Support the CISO This role ensures alignment with regulatory requirements, industry standards, and business objectives while providing executive oversight across risk, audit, compliance, and assurance functions. The position partners closely with the internal teams - CISO, BISO's, Corporate IT and cross-functional teams (Privacy, Legal, HR, Procurement, Corporate Real Estate), and external teams - Vendors and Customers to drive a risk-aware culture, strengthen control frameworks, and enable secure business growth.

Your Match

How well this role fits your profile.

Company Intel

What employees say

Worked at Unisys? Share your experience

Interested in this role?

Apply on the company's website.

Cover LetterConnect