GRC Jobs in Delhi, NCR and Gurgaon


Apply to 5+ GRC Jobs in Delhi, NCR and Gurgaon on CutShort.io. Explore the latest GRC Job opportunities across top companies like Google, Amazon & Adobe.

Leinex
Posted by Amana Sharma
Bengaluru (Bangalore), Mumbai, Delhi, Gurugram, Noida, Pune, Hyderabad, Chennai
5 - 10 yrs
₹7L - ₹38L / yr
ServiceNow
GRC
ITAM
HRSD
itom

Job Title: ServiceNow Developer / Senior ServiceNow Consultant

Experience Required

6+ Years

Job Description

We are seeking an experienced ServiceNow professional with strong expertise in one or more ServiceNow modules, including ITSM, CSM, HRSD, ITOM, HAM, CMDB, SPM, or GRC. The ideal candidate should possess hands-on experience in designing, developing, configuring, and implementing ServiceNow solutions while collaborating closely with business and technical stakeholders.

Requirements

  • 6+ years of experience working on the ServiceNow platform.
  • Strong hands-on experience in ServiceNow development, configuration, and administration.
  • Experience in one or more ServiceNow modules:
    • ITSM (IT Service Management)
    • CSM (Customer Service Management)
    • HRSD (HR Service Delivery)
    • ITOM (IT Operations Management)
    • HAM (Hardware Asset Management)
    • CMDB (Configuration Management Database)
    • SPM (Strategic Portfolio Management)
    • GRC / IRM (Governance, Risk & Compliance / Integrated Risk Management)
  • Experience in Service Catalog, Workflows, Flow Designer, Business Rules, Client Scripts, UI Policies, ACLs, Notifications, Integrations, and Reporting.
  • Strong understanding of ServiceNow platform architecture and best practices.
  • Experience in designing scalable and maintainable ServiceNow solutions.
  • Knowledge of REST/SOAP APIs and third-party integrations.
  • Experience in Agile delivery methodologies.
  • Strong troubleshooting and problem-solving skills.
  • Excellent communication and stakeholder management skills.

Preferred Qualifications

  • ServiceNow Certified System Administrator (CSA).
  • ServiceNow Certified Implementation Specialist (CIS) in any module.
  • ServiceNow Certified Application Developer (CAD).
  • Experience with multiple ServiceNow module implementations.
  • Exposure to cloud technologies and enterprise IT environments.

Responsibilities

  • Gather and analyze business requirements and translate them into ServiceNow solutions.
  • Design, develop, configure, and customize ServiceNow applications and modules.
  • Implement workflows, catalog items, forms, UI policies, business rules, and integrations.
  • Support end-to-end implementation, testing, UAT, deployment, and production support activities.
  • Collaborate with business users, architects, and technical teams to deliver high-quality solutions.
  • Perform root cause analysis and resolve complex technical issues.
  • Ensure adherence to ServiceNow development standards and best practices.
  • Participate in code reviews, design reviews, and solution discussions.
  • Create technical documentation, knowledge articles, and support documents.
  • Mentor junior team members and contribute to continuous process improvements.
  • Support platform upgrades, enhancements, and new feature implementations.

Good-to-Have Module-Specific Experience

  • ITSM: Incident, Problem, Change, Request, Knowledge Management
  • CSM: Case Management, Customer Portals, Service Operations
  • HRSD: Employee Center, HR Case Management, Lifecycle Events
  • ITOM: Discovery, Service Mapping, Event Management, Cloud Management
  • HAM: Asset Lifecycle Management, Procurement, Inventory Management
  • CMDB: Data Modeling, CI Management, Data Governance
  • SPM: Demand, Project, Portfolio, Resource Management
  • GRC/IRM: Policy & Compliance, Risk Management, Audit Management, Vendor Risk Management


Fonada
Posted by Karandeep Singh
Noida
7 - 10 yrs
₹15L - ₹20L / yr
Cyber Security
Information security
Network Security
DevSecOps
Ethical Hacking

About the Role 

We are seeking an experienced Cyber Security Specialist who can operate across both offensive and defensive security disciplines. This dual-role professional will lead Vulnerability Assessment and Penetration Testing (VAPT) engagements, act as the in-house Red Team to simulate real-world adversaries, and own the implementation and continuous improvement of the Information Security Management System (ISMS) aligned with ISO/IEC 27001 and related standards. You will combine hands-on offensive security work with governance, audit readiness, and stakeholder engagement across engineering, IT, legal, and executive leadership. 


Key Responsibilities 

VAPT & Red Team Operations 

  • Plan, scope, and execute end-to-end Vulnerability Assessment and Penetration Testing (VAPT) engagements across web applications, mobile apps, APIs, networks, cloud environments, wireless, and physical infrastructure. 
  • Act as the organization's in-house Red Team, simulating advanced persistent threat (APT) actors through adversary emulation, social engineering, phishing campaigns, and physical intrusion testing where authorized. 
  • Design and execute Red Team operations aligned with MITRE ATT&CK, TIBER-EU, and similar frameworks; develop custom Tactics, Techniques, and Procedures (TTPs). 
  • Conduct manual and automated exploitation, post-exploitation, lateral movement, privilege escalation, and persistence testing in production-like environments. 
  • Develop custom exploits, payloads, scripts, and tooling (Python, PowerShell, Bash, C/C++, Go) to bypass security controls during sanctioned engagements. 
  • Perform source code reviews, threat modeling, and secure architecture reviews of new and existing systems. 
  • Coordinate Purple Team exercises with the Blue Team / SOC to validate detection coverage and improve defensive playbooks. 
  • Produce high-quality VAPT and Red Team reports with executive summaries, technical findings, proof-of-concept exploits, risk ratings (CVSS), and prioritized remediation guidance. 
  • Re-test remediated findings and track closure with engineering and IT teams through to verification. 

ISO Compliance & Governance 

  • Lead the implementation, maintenance, and continual improvement of the ISMS in line with ISO/IEC 27001:2022, including scope definition, Statement of Applicability (SoA), and risk treatment plans. 
  • Own and maintain ISO policies, procedures, controls, and documentation across the organization, ensuring alignment with ISO 27001, ISO 27017, ISO 27018, and ISO 22301. 
  • Plan and coordinate internal and external audits; serve as the primary liaison with certification bodies, auditors, and regulators. 
  • Conduct risk assessments, business impact analyses (BIA), and threat modeling; maintain a central risk register and drive remediation. 
  • Map VAPT and Red Team findings to ISO 27001 Annex A controls and feed results into the risk management lifecycle. 
  • Support compliance with adjacent frameworks: SOC 2, NIST CSF, GDPR, HIPAA, PCI-DSS, and DPDP Act (India), as applicable. 
  • Define and report security and compliance KPIs/KRIs to senior leadership; prepare materials for management reviews and board updates. 
  • Develop and deliver security awareness training, phishing simulations, and role-based secure-coding training. 
  • Drive third-party / vendor risk management, including security questionnaires, contractual clauses, and ongoing monitoring. 
  • Partner with engineering and DevOps to embed security into the SDLC, CI/CD pipelines, and cloud architectures (DevSecOps). 

Incident Response & Continuous Improvement 

  • Support incident response activities: detection, triage, containment, eradication, recovery, and post-incident reviews. 
  • Maintain business continuity and disaster recovery plans; coordinate BCP/DR testing and tabletop exercises. 
  • Stay current on emerging threats, CVEs, attacker techniques, regulatory changes, and ISO standard updates; recommend and drive improvements. 

Required Qualifications 

  • 8+ years of progressive experience in cyber security, with at least 4 years in hands-on offensive security (VAPT, penetration testing, or Red Team) and 3+ years in ISO 27001 implementation and audits. 
  • Proven track record of leading VAPT engagements across web, mobile, API, network, cloud (AWS / Azure / GCP), and wireless environments. 
  • Hands-on experience executing Red Team operations and adversary emulation aligned with MITRE ATT&CK. 
  • Deep proficiency with offensive security tooling: Burp Suite Pro, Metasploit, Cobalt Strike (or open-source equivalents like Sliver, Mythic, Havoc), Nmap, Nessus, Nuclei, BloodHound, Impacket, Responder, and OWASP ZAP. 
  • Strong scripting and exploit development skills in Python, PowerShell, Bash, and at least one compiled language (C/C++, Go, or Rust). 
  • Proven hands-on experience leading an organization through ISO 27001 certification and surveillance audits end-to-end. 
  • Strong working knowledge of ISO/IEC 27001:2022 (including Annex A controls), ISO 27002, ISO 27017, ISO 27018, and ISO 22301. 
  • Solid understanding of security domains: IAM, network security, endpoint security, cloud security, application security (OWASP Top 10, API Security Top 10), and Active Directory attack paths. 
  • Experience with risk assessment methodologies (ISO 27005, NIST 800-30) and the ability to translate offensive findings into business risk. 
  • Strong report-writing, policy-drafting, and executive communication skills. 
  • Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience). 

Preferred Qualifications 

  • Offensive security certifications: OSCP, OSEP, OSWE, OSED, CRTO, CRTP, CRTE, CRTL, GPEN, GXPN, GWAPT, or CEH Practical. 
  • Governance certifications: ISO 27001 Lead Implementer and/or Lead Auditor, CISSP, CISM, CISA, or CRISC. 
  • Cloud security certifications (CCSP, AWS Security Specialty, Azure Security Engineer, or GCP Professional Cloud Security Engineer). 
  • Published CVEs, security research, bug bounty achievements, or contributions to open-source security tools. 
  • Experience with Active Directory / Entra ID red teaming, Kerberos attacks, and modern EDR/XDR evasion techniques. 
  • Experience with container, Kubernetes, and serverless security testing. 
  • Experience implementing or auditing additional frameworks: SOC 2 Type II, NIST CSF, NIST 800-53, HITRUST, or PCI-DSS. 
  • Experience with GRC platforms (Vanta, Drata, Sprinto, ServiceNow GRC, Archer, OneTrust). 
  • Experience in regulated industries: financial services, healthcare, SaaS, or critical infrastructure. 
  • Experience briefing executive leadership, customers, and external auditors on offensive findings and remediation strategy. 


Bengaluru (Bangalore), Delhi, Gurugram, Noida, Ghaziabad, Faridabad, Pune, Hyderabad, Chennai
9 - 15 yrs
₹10L - ₹40L / yr
RSA archer
RSA
EMC RSA Archer
GRC

Role - RSA Archer Technical Specialist

Location preferred - Bangalore + key metro 

Exp Band - 10 + 

JD 

 

  • Experience in application development using the Archer platform

  • Proficiency in Archer configuration, including custom fields, rules, and workflows
  • Strong understanding of GRC concepts and the business context of Archer solutions
  • Experience with web technologies including HTML, JavaScript, and CSS
  • Familiarity with integration techniques and APIs
  • Excellent problem-solving and analytical skills
  • Able to work independently and collaboratively in a fast-paced environment
  • Strong communication skills to interact with various stakeholders effectively

 


VDart Digital


2 recruiters
Posted by Narmadha V
Bengaluru (Bangalore), Delhi, Gurugram, Noida, Ghaziabad, Faridabad
4 - 7 yrs
₹5L - ₹18L / yr
ServiceNow
GRC
Secops
IRM

Job Title: ServiceNow Developer

📍 Location: PAN India

🏠 Work Mode: Hybrid – 3 Days Work from Office, 2 Days WFH

🕒 Shift Timings: 9:30 AM – 6:30 PM IST

✅ Key Requirements:

  • Total Experience: 4–7 years
  • Relevant Experience in ServiceNow: Minimum 5 years
  • Project/People Management: Strong experience managing end-to-end ServiceNow implementations and delivery cycles

🛠️ Primary Skills:

  • 5+ years of hands-on experience in ServiceNow platform (including modules like ITSM, ITOM, GRC, SecOps, or IRM preferred)
  • Ability to lead technical teams and drive requirements, development, testing, and delivery phases
  • Proficient in ServiceNow customization, scripting, workflows, and integrations

🧩 Secondary Skills:

  • Proficiency in Microsoft Office Suite (Excel, Word, PowerPoint)
  • Experience with Microsoft Project for planning and tracking activities

🎯 Responsibilities:

  • Act as the single point of contact for all ServiceNow-related project activities
  • Drive project execution, track milestones, and deliverables
  • Liaise between technical teams, business stakeholders, and vendors
  • Ensure compliance with client standards and delivery expectations

  • Prepare and present reports, dashboards, and project documentation

Statestreet HCL Services


5 recruiters
Posted by Mansi Lakhanpal
Delhi, Gurugram, Noida, Ghaziabad, Faridabad
10 - 15 yrs
₹1L - ₹19L / yr
GRC
NIST
ISO 9000
Risk Management
Security audit

Dear Candidate,

Greetings from HCL Technologies Ltd.

 

  • Make sense of Cyber security and compliance frameworks that apply to your business or industry
    • Identify business risks, taking into account the role of your hosting service provider
    • Determine which Cyber security controls are required to mitigate your identified risks
    • Improve collaboration and communication during Cyber security Incident mitigation and response.
    • Establish the necessary framework based on NIST Framework to maintain and continually improve your information security program over time based on evolving scope and emerging risks
    • Document and track efforts for evidence collection and audit preparation

 

  • will have primary responsibility for coordinating and implementing effective Cyber Security management across the account. This role will ensure that all Supplier obligations are met regarding compliance with Security guidelines, data protection, regulations, Supplier policies, and key controls.
  • provide implementation and ongoing operation of Security management framework;
  • be responsible for coordinating activities to address the key Security risk exposures;
  • ensure Security awareness training of, and assistance in the implementation of robust Security management practices across Security operations;
  • direct the design of controls to address emerging or new Security risk and compliance requirements;
  • carry out regular and frequent assurance reviews of the design and operating effectiveness of Security controls;
  • implement, monitor and report on key Security risk indicators to identify and address emerging risks;
  • coordinate with other Service Providers and Security functions, to facilitate client’s audits and inspections;
  • manage and report on responses and actions to address Security audit points, inspection deficiencies, or control weakness identified during normal operations.
  • review outcome of cyber security risk assessment, timely implement open action items and report progress to stakeholders
  • incorporate vulnerability testing as an integral part of change management
  • Should have good knowledge of Cyber Security Framework and controls
  • CISA, CISM or CISSP certification should be preferred.
  • Have good understanding of Security policy and process along with ITSM process.