3+ ISO/IEC 27000-series Jobs in Delhi, NCR and Gurgaon | ISO/IEC 27000-series Job openings in Delhi, NCR and Gurgaon

Job Summary

We are seeking an experienced ServiceNow Business Analyst with strong expertise in Integrated Risk Management (IRM) and Governance, Risk, and Compliance (GRC). The ideal candidate will bridge business needs and technical solutions, driving the implementation and optimization of ServiceNow IRM/GRC modules while ensuring alignment with organizational risk and compliance objectives.

Key Responsibilities

• Collaborate with stakeholders to gather, analyze, and document business requirements for IRM/GRC processes
• Translate business requirements into functional specifications and user stories for ServiceNow implementations
• Lead workshops, requirements sessions, and stakeholder meetings
• Configure and support ServiceNow IRM/GRC modules, including:
• Policy and Compliance Management,
• Risk Management,
• Audit Management,
• Vendor Risk Management
• Work closely with developers and architects to ensure accurate implementation of requirements
• Perform gap analysis and recommend process improvements aligned with industry best practices
• Support User Acceptance Testing (UAT), including test case creation and defect management
• Maintain documentation, including BRDs, FRDs, process flows, and user guides
• Ensure data integrity, reporting accuracy, and dashboard creation within ServiceNow
• Provide ongoing support and enhancements post-implementation

Required Skills & Qualifications

• 6+ years of experience as a ServiceNow Business Analyst, with at least 4+ years in ServiceNow IRM/GRC
• Strong understanding of risk management and compliance frameworks (e.g., ISO 27001, NIST, SOX)
• Hands-on experience with ServiceNow IRM/GRC modules
• Proficiency in requirement gathering, stakeholder management, and business process mapping
• Experience working in Agile/Scrum environments
• Strong analytical, problem-solving, and communication skills
• Ability to work with cross-functional teams and manage multiple priorities

Preferred Qualifications

• ServiceNow Certified System Administrator (CSA)
• ServiceNow Certified Implementation Specialist – Risk and Compliance (CIS-RC)
• Experience with integrations, reporting, and dashboards in ServiceNow
• Knowledge of ITSM processes and their alignment with GRC
• Prior consulting or client-facing experience

Key Competencies

• Stakeholder Management
• Business Analysis & Requirement Elicitation
• Risk & Compliance Domain Knowledge
• Process Improvement
• Communication & Presentation Skills

Nice to Have

• Experience with SecOps or Third-Party Risk Management
• Exposure to automation and workflow optimization within ServiceNow
• Understanding of regulatory environments across industries (BFSI, Healthcare, etc.)

Role Objective

We are looking for a proactive InfoSec Associate to support our compliance and audit functions. You will play a key role in maintaining our ISO standards, handling vendor security assessments, and ensuring our documentation is audit-ready for our banking and NBFC clients.

Key Responsibilities

• Audit Support: Assist in internal and external audits for ISO 27001, SOC2, and ISO 27701.
• Vendor Compliance: Independently handle and respond to detailed Vendor Security Questionnaires from banks and NBFCs.
• Evidence Management: Collect, organize, and present technical audit evidence from engineering and IT teams.
• Policy & Documentation: Help draft and review Security Policies, SOPs, and ISMS documentation.
• Risk Tracking: Track audit observations and manage the Corrective Action Plan (CAPA) to ensure timely remediation.
• Data Privacy: Assist in aligning internal processes with the DPDP Act and GDPR requirements.

Required Skills & Competencies

• Framework Knowledge: Basic understanding of ISO 27001 and Risk Assessment principles.
• Technical Literacy: Ability to understand AWS/Azure cloud security settings from a compliance standpoint.
• Documentation: High proficiency in organizing audit trails and drafting professional security reports.
• Communication: Comfortable interacting with external auditors and internal technical teams.

Preferred Certifications (Good to Have)

• ISO 27001 Internal Auditor
• CompTIA Security+
• CISA (In-progress/Foundation)

About Us 

Rezo.ai is an AI-Powered Contact Centre that enables enterprises to enhance customer experience and boost revenue by automating and analyzing customer agent interactions across multiple channels including voice, email, chat/WhatsApp, and social, at the required scale, whilst training agents with minimal costs 

How do we do it 

Rezo’s AI-Powered contact center leverages ground-breaking technologies in AI, ML, ASR, NLP, RPA, and predictive intelligence to transform customer experience and reduce costs by automating, analyzing social media, whilst coaching them.

Overview

Providing leadership in the information security space, helping ensure ISO and GDPR certification, and establishing, maintaining, and enforcing our security policies. Working closely with our business and technology teams to ensure awareness and adherence to the policies and procedures established.

To ensure that the security solutions being designed and delivered are aligned with the enterprise security architecture, supporting the transition of the security architecture from its current to its planned future state.

To lead and provide strategic oversight to ensure and assure the beneficial and cost-effective security change across key accounts, through the evaluation of business strategies and requirements providing advice, guidance and assurance.

Role & Responsibility

• Provide security advice and guidance to business and delivery teams ensuring solutions are consistent with the enterprise security roadmap whilst balancing business values and security risk.
• Recommend changes to IT systems to bring them into compliance with security policy, standards, blueprints and roadmaps.
• Influence stakeholders to adopt architecturally sound approaches to the management of risk.
• Advise on the translation of business requirements into secure IT solutions and migration roadmaps.
• Preparation and documentation of standard security operating procedures and protocols
• Recommend technical solutions and new security tools to help mitigate security vulnerabilities and automate repeatable tasks
• Advise on alternate solutions and countermeasures to mitigate identified information risks.
• Provide assurance that identified solutions or countermeasures mitigate identified information risks.
• Write comprehensive reports including assessment-based findings, outcomes and propositions for further system security enhancement
• Implements security improvements by assessing the current situation; evaluating trends; anticipating requirements.
• Keeps users and businesses informed by preparing performance reports; communicating system status, and owning security incidents when they arise.

Technical Skills Required

• Proven experience in the design, implementation and operation of scaled IT security services and capabilities, ideally within a large government organization or complex large-scale multi-supplier organization.
• Strong technical aptitude and exposure to ISO 27001 or similar-based security policies and standards.
• Excellent communication skills, with the ability to articulate complex technical issues into business-focused terms and communicate with Stakeholders.
• Knowledge of GDPR, its business implications and the merits of various technical approaches
• Expertise in IT security risk in a business context
• Exposure to web application security and penetration testing.
• Exposure to securing the software development life cycle and to project management disciplines.
• Excellent organizational and technical documentation skills.
• Strong understanding of Information Security including threats, attacks, and vulnerability management.
• Deep understanding of secure development practices, with practical experience of cyber security, privacy protection, cloud security, identity management, situations awareness, protective monitoring, security operations, risk management and reporting.