Analyst- IS Governance
Navi Mumbai, Maharashtra, India
Role Overview:
The GRC Analyst at UPL will be responsible for driving all Information Security Governance, Risk, and Compliance (GRC) initiatives, ensuring alignment with global UPL policies, regulatory requirements, and data privacy frameworks. This role involves working closely with business units, IT, the information security team, legal, HR, and external stakeholders to implement and maintain a robust security, compliance, and data privacy framework. The role will manage risks effectively, ensure security compliance across the region, oversee third-party risk management, conduct business impact analysis, and promote a culture of security and data privacy awareness across the regions.
Key Responsibilities:
1. Governance & Policy Implementation
• Act as the regional lead for all GRC-related and data privacy initiatives in the Europe region, ensuring adherence to UPL's global policies, frameworks, and data privacy laws.
• Support the development, rollout, implementation, and monitoring of security, IT, compliance, and data privacy policies across the region.
• Drive data privacy and security awareness programs tailored to regional needs to foster a strong security and data privacy culture.
• Execute and maintain Information Security and Data Privacy projects and programs specific to the respective region.
2. Risk Management & Compliance
• Conduct risk assessments, identify key risks, and recommend mitigation strategies related to both information security and data privacy.
• Monitor compliance with regulatory requirements, industry standards (ISO 27001, NIST, DPDPA, GDPR, etc.), UPL policies, and data privacy laws.
• Work with internal and external auditors for audits, assessments, and certifications, including data privacy certifications like GDPR compliance.
• Maintain risk registers and track remediation plans for identified risks, ensuring both information security and data privacy risks are addressed.
• Maintain security and data privacy compliance for the region by ensuring adherence to relevant security frameworks, industry standards, and best practices.
• Evaluate and assess third-party vendors and partners for compliance with UPL’s information security, risk management, and data privacy policies.
• Collaborate with procurement, legal, and IT teams to ensure secure vendor onboarding, contract compliance, and adherence to data privacy obligations.
• Conduct Business Impact Analysis (BIA) to identify critical business functions, assess potential risks, and evaluate the impact on data privacy and security.
3. Security & IT Compliance
• Ensure IT, cybersecurity, and data privacy policies are effectively communicated and acknowledged by employees.
• Support IT, CISO, and Data Protection Officer (DPO) teams in implementing controls, compliance frameworks, and data privacy measures.
• Track and report non-compliance issues, including data privacy breaches, ensuring timely resolution.
4. Cross-Functional Collaboration
• Act as a liaison between IT, security, legal, HR, business units, and the Data Protection Officer (DPO) to ensure alignment on GRC and data privacy matters.
• Support incident response teams in security and compliance-related incidents, including those involving data privacy breaches.
• Engage with external regulatory bodies, auditors, and consultants as required to stay updated on information security and data privacy laws.
5. Reporting & Continuous Improvement
• Develop and present GRC and data privacy metrics, dashboards, and reports to leadership, highlighting key risks, compliance status, and improvement opportunities.
• Stay updated on emerging risks, regulatory changes, and industry best practices related to both security and data privacy.
• Proactively recommend improvements to strengthen UPL’s GRC and data privacy frameworks, ensuring alignment with global standards and regulatory requirements.
Qualifications & Experience:
• BE/BTech degree in IT, Cybersecurity, Risk Management, Data Privacy, or a related field.
• 3+ years of experience in GRC, IT security, compliance, data privacy, or risk management.
• Strong knowledge of regulatory frameworks and industry standards (ISO 27001, NIST, SOC 2, DPDPA, GDPR, etc.), with a specific focus on data privacy.
• Experience in third-party risk management, data privacy programs, security awareness initiatives, and business impact analysis.
• Experience in managing audits, compliance assessments, risk management programs, and data privacy audits.
• Strong analytical, communication, and stakeholder management skills.