ITC Infotech - L3 Vulnerability Management/Risk & Compliance Lead

Job Summary:

ITCI Cyber Security team is looking for the role which is accountable for leading the organizations end-to-end vulnerability lifecycle and aligning risk and compliance efforts with regulatory mandates such as RBI Master Directions and SEBI Cybersecurity Framework.

The individual will ensure timely vulnerability detection, validation, remediation governance, and risk-

based prioritization.

The role also anchors all compliance readiness activities across cybersecurity, translating control gaps into actionable security initiatives while coordinating with internal and external audit functions.

Key Responsibilities:
- Lead the overall vulnerability management lifecycle across infra and application assets (VM, risk scoring, remediation tracking).
- Own end-to-end delivery of VM scans, validation cycles, and risk-based prioritization using tools like Tenable/Nessus.
- Map vulnerabilities to business risk and generate executive-level dashboards with risk exposure summaries.
- Define and maintain risk treatment plans per RBI and SEBI frameworks, coordinating with infra and app teams.
- Conduct compliance checks, technical control validations, and support readiness for RBI/SEBI/ISO audits.
- Perform monthly risk posture reviews, threat trend reporting, and mitigation progress evaluations.
- Oversee gap assessments against RBI Master Direction, SEBI circulars, and DPDP data security provisions.
- Provide expertise in documenting technical controls, ISMS artifacts, and audit trails for internal and external audits.
- Engage with stakeholders to establish security exceptions, compensating controls, and policy deviation approvals.
- Build and maintain GRC tools and risk registers with role-based access and automated updates.

Key Skills & Certifications:

- 10+ years in cyber risk management, vulnerability assessment, and compliance delivery.
- Strong experience with Tenable/Nessus, Qualys, and GRC tools.
- ISO 27001 Lead Auditor, CRISC, or CISA certified.
- In-depth knowledge of RBI Master Direction on IT Framework, SEBI Cybersecurity Guidelines.
- Strong skills in risk quantification, reporting, and policy enforcement.