Note: The job is a remote job and is open to candidates in USA. Nasscomm is seeking a Senior or Manager-level GRC professional to join their Digital Technology team to strengthen the design and operation of technology controls across the enterprise. The role involves planning and executing control testing, evaluating control evidence against audit standards, and assessing risk for AI systems while partnering with various teams to maintain a robust control environment.
Responsibilities
- Design, document, and recommend technology controls mapped to applicable frameworks including NIST AI Risk Management Framework, NIST SP 800-53, ISO 27001, and SOX IT General Controls
- Perform testing of relevant technology covering both design and operating effectiveness across NIST AI RMF controls, IT General controls (Logical Access, Change Management, IT Operations) and IT Application Controls
- Develop control test plans that are repeatable, auditor-defensible, and appropriately scoped to the control objective
- Collect, organize, and critically evaluate control evidence; assess completeness, accuracy, and relevance
- Document test procedures, sampling rationale, results, and conclusions in accordance with internal methodology and external audit standards
- Support AI risk assessments for internal AI systems and third-party AI tools, evaluating risk across multiple risk domains
- Analyze current and emerging regulatory and internal policy requirements to identify internal control gaps and develop recommendations to address
- Issue Management: Evaluate identified issues, determine root causes, and recommend remediation solutions. Track commitments across technology teams, identify milestone slippage early, and escalate as appropriate
Skills
- Undergraduate degree in information technology, management information systems, or a related field
- 5+ years of experience in IT risk management, information security compliance, or internal IT audit in large enterprise environments
- Able to communicate complex control findings clearly to both technical teams and non-technical stakeholders, including senior leadership
- Comfortable working both independently or in teams and working within a complex environment
- Excellent analytical, technical and problem-solving skills, with strong attention to detail
- Strong understanding of IT General Computer Controls (ITGCs), system development lifecycle, and IT auditing techniques; including broad knowledge of IT technologies, operating systems, databases, and application platforms
- Knowledge of SOX, NIST SP 800-53, NIST AI Risk Management Framework (AI RMF), ISO 42001, or EU AI Act is a plus
- Professional accreditation (e.g., CISA, CISM) is a plus
- Familiarity with ServiceNow Integrated Risk Management (IRM) platform is a plus
Company Overview