7+ Risk Management Jobs in Mumbai | Risk Management Job openings in Mumbai

Job Description:

We are seeking a highly skilled and motivated GRC Consultant to play a pivotal role in

delivering projects for the implementation of the Governance, Risk, and Compliance framework.

The ideal candidate will take ownership of risk management, compliance monitoring, and

contribute to strategic enhancements for clients.

Key Responsibilities:

● Take a lead role in the ongoing development and enhancement of the GRC

framework.

● Drive the implementation of policies and procedures as required by various

information security/privacy/data security frameworks.

● Implement frameworks such as ISO 27001, ISO 22301, etc., and achieve client

certification.

Risk Management:

● Lead the identification, assessment, and management of risks across diverse

business units.

● Conduct thorough risk assessments and provide strategic recommendations.

● Understand compliance requirements with laws and regulations concerning

information security and privacy.

Training and Leadership:

● Conduct training and awareness sessions for end users and client SPOCs on

information and cybersecurity requirements.

Qualifications:

● Bachelor’s degree in IT or a related field.

● Excellent communication and leadership abilities.

● Candidates with a cybersecurity background only.

● Minimum 2 yrs experience in cybersecurity

A Product Manager with hands-on experience in risk management

within capital markets or brokerage environments.

● Experience working with risk engines or brokerage RMS/OEMS systems.

● Exposure to market surveillance, margining systems, or credit risk control platforms.

● Understanding of SEBI regulatory frameworks.

● Risk Domain Experience: 2-5 years of experience in capital markets or brokerage

risk management (e.g., RMS/OEMS platforms, risk surveillance, exposure

monitoring, or trading controls).

● Product Management Experience: Proven success in managing complex product

roadmaps, ideally in B2B or FinTech environments.

● Regulatory Familiarity: Strong understanding of capital market regulatory

requirements and their impact on risk systems.

● Tech Fluency: Able to comfortably engage with developers on system architecture,

APIs, data flows, and platform dependencies.

● Strong Communicator: Excellent written and verbal communication skills to

effectively manage stakeholders and articulate product trade-offs.

● Analytical Thinker: Strong problem-solving skills with the ability to simplify complex

use cases into structured, actionable requirements.

● Self-Driven: Highly motivated, disciplined, and accountable—able to thrive in

fast-paced, high-impact environments.

Job Title: Project Manager

Location: Mumbai

Experience: 2 to 4 years

Job Type: Full-time

Job Description:

We are looking for a motivated and experienced Project Manager to lead software development projects in an Agile environment. The ideal candidate will have 2 to 4 years of experience managing projects, working closely with development teams, and ensuring timely and high-quality delivery aligned with business goals.

Key Responsibilities:

• Lead and manage end-to-end software development projects.
• Facilitate Agile ceremonies like daily stand-ups, sprint planning, reviews, and retrospectives.
• Collaborate with Product Owners to manage and prioritize the backlog.
• Remove impediments to ensure smooth workflow and timely delivery.
• Track project progress using Agile metrics (e.g., burndown charts, velocity).
• Communicate project status, risks, and issues effectively to stakeholders.
• Encourage a culture of collaboration, continuous improvement, and accountability.
• Ensure adherence to Agile methodologies and the Software Development Life Cycle (SDLC).

Required Qualifications:

• Bachelor’s or Master’s degree in Computer Science, Information Technology, or a related field.
• 2 to 4 years of experience in a Project Manager or Scrum Master role.
• Strong understanding of Agile and Scrum frameworks.
• Basic knowledge of SDLC and understanding of software development practices.
• Familiarity with project tracking tools like JIRA and Confluence.
• Strong communication, problem-solving, and leadership skills.

Preferred Qualifications:

• Certification in Scrum (CSM) or Agile methodologies.
• Basic coding knowledge or understanding of software project structures.
• Experience in IT or software development environments.

What will you do every day?

As a Security & Compliance Specialist, you are responsible for helping the implementation of the organization's information security and compliance programs. You will also help in implementing and reviewing data protection and privacy controls through technical, operational, and administrative measures. The ideal candidate will have good experience in Security in SaaS products, a deep understanding of regulatory requirements, and a proactive approach to managing security threats and third-party risks; someone who enjoys security work and possesses both deep and wide expertise in the security space.

Job Responsibilities

• Develop and Implement Security & Privacy Policies (Primary | Must have)
• Create and maintain comprehensive security policies and procedures for cloud environments and application security that align with organizational goals and regulatory requirements
• Ensure policies are regularly updated and communicated to relevant stakeholders; should be an SME for Enterprise Security and Privacy related activities
• Third-Party Risk Management (Primary | Must have)
• Handle the third-party risk management activities (TPRM) covering both inbound and outbound assessments (through the Customer & Vendor lifecycles)
• Collaborate with procurement and legal teams to ensure third-party contracts include appropriate security and compliance requirements (this includes reviews of MSA, Bids, RFP’s)
• Compliance Oversight (Primary | Must have)
• Ensure the organization’s compliance with relevant laws, regulations, and standards (e.g., GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2); should be an SME for compliance
• Implementation of minimum 3 standards from GDPR, HIPAA, ISO 27001, ISO 27701, DPDP, SOC 2
• Lead internal and external audits and manage responses to audit findings
• Product Security Practices (Primary | Must have)
• Integrate security practices into the software development lifecycle (SDLC) and review the releases based on the established Secure SDLC processes
• Review the Products from time to time checking the availability of enterprise security features
• Cloud & Infra Security (Secondary | Good to have)
• Implement, review and maintain robust security controls for cloud platforms (AWS/Azure/GCP) as per the industry best practices (DevSecOps)
• Perform security assessments/reviews and VA scans (non-mandatory) on cloud infra.
• Cybersecurity (Secondary | Good to have)
• Knowledge on Cyber Attack Vectors, Cyber Threat Intelligence, Attack Surface Mgmt., etc.
• Adequate knowledge on Incident Response, Business Resilience and Risk Management

Other responsibilities

• To act as a Security & Privacy champion/catalyst for all functions/BUs within the Company
• This role needs an avert-risk mindset and should handle Incident Management (able to Identify, Analyze, and Resolve Security Incidents)
• Contribute to the Cloud & CyberSecurity roadmap and act as an internal advisory/consultant
• Training entire staff about security and privacy best practices whenever necessary

Experience & Other Requirements

• Degree/Diploma in Computer Science / Information Technology / Cybersecurity or equivalent
• 3+ years (3-7) of experience in information security, with a focus on compliance
• Proven track record in implementing security and compliance policies & controls in a Product based Product company (preferably in a SaaS-based company)
• At least 3 years of working and implementation knowledge for any three of the compliances (ISO 27001, 27701, GDPR, HIPAA, SOC 2, DPDP)
• Good to have working knowledge of Cloud security practices & involved in DevSecOps activities
• Good research mindset with a zeal to explore, learn, share, and implement
• Preferable who can join in 30 days

About the company

KPMG International Limited, commonly known as KPMG, is one of the largest professional services networks in the world, recognized as one of the "Big Four" accounting firms alongside Deloitte, PricewaterhouseCoopers (PwC), and Ernst & Young (EY). KPMG provides a comprehensive range of professional services primarily focused on three core areas: Audit and Assurance, Tax Services, and Advisory Services. Their Audit and Assurance services include financial statement audits, regulatory audits, and other assurance services. The Tax Services cover various aspects such as corporate tax, indirect tax, international tax, and transfer pricing. Meanwhile, their Advisory Services encompass management consulting, risk consulting, deal advisory, and other related services.

Application Link for quick response-  https://forms.gle/wFPNPLK4XE5L7MRk8

Job Description

Position: Chief Risk Officer 

Education Qualification: Bachelor's degree in finance, business administration, economics, or a related field

Experience: 12-14 years

Location:  Pan India with potential requirement to travel to the middle east

Employment Type:  contract for 6-12 months (Hybrid)

Responsibilities:

1. Enterprise Risk- ERM Framework: Implement a comprehensive risk management framework addressing operational, financial, and reputational risks.
2. Operational Risk: Identify and mitigate risks from internal processes and external threats (e.g., cybersecurity) and produce annual entity specific Risk Assessment.
3. Compliance Risk: Ensure adherence to QFCRA regulations and collaborate with the CCO and MLRO to manage compliance risks.
4. Risk Reporting: Provide regular risk reports to senior management and the board.
5. Produce annual entity specific Risk Appetite Statement.
6. Portfolio Investment Risk
7. Risk Assessment: Regularly analyze and monitor market, credit, and liquidity risks in the investment portfolio.
8. Risk Limits: Set and enforce risk limits aligned with the firm’s strategy and regulatory requirements.
9. Performance Monitoring: Track portfolio performance against risk benchmarks and report exposures to senior management.
10. Mitigation Strategies: Advise on hedging, diversification, and other techniques to manage investment risks.

Designation: Financial Manager 

• Exp: 8-10 Years
• CTC: up tp 30 LPA

Regulatory, Contractual & US Healthcare compliances:

• Ensure compliance to HIPAA & Hi-Tech requirements framework through audits, policy updates, external certifications, internal awareness, etc.
• Periodically update policies and document new procedures / guidelines to update the compliance plan in line with operating changes.
• Work with legal & training teams to drive the compliance programs for awareness and update of important US healthcare regulations as applicable to business.
• Work with VP, Finance, HR & Legal team across all locations to consolidate & present the compliance to regulatory requirements periodically to LT and Audit Committee.
• Update the customer contractual checklists and monitor compliance to same through periodic reviews
• Train the team on compliance programs to deliver standard compliance experience across the locations.
• Enterprise risk management (ERM), Management reviews, Investigations & Internal Audits

Cab Boundary line- 

• Navi Mumbai to Ghatkopar
• Navi Mumbai to Panvel (Ulwe not covered)
• Navi Mumbai to Kalyan

Role/ Job Title: Specialist-IT Governance & Compliance (IT Operational Risk Management)

Function/ Department: Information Technology

Roles & Responsibilities:

• Review of Policies, Product Notes, Product notes / Standard Operating Procedures from Operational Risk perspective and documentation of risk register for banking channels/products for e.g. Internet banking, Mobile Banking, UPI, Corporate Internet Banking, ENACH, E-Toll, SMS, IVR Banking etc. and IT & ISG
• Control Self testing to be conducted, to evaluate efficiency of controls claimed as per the Risk and Control Matrix.
• Identification and monitoring of Key Risk Indicators (KRI’s) for units ensuring that deteriorating KRIs are tracked for resolution and remedial measures for getting back to acceptable levels.
• Tracking & Monitoring of Incidents reported, corrective/preventive actions taken in timely manner by assigned units for e.g. Digital banking units, IT and ISG. Investigating the same and assuring that necessary corrective action and preventive action are provided by the unit before finalizing the same with the ORM team.
• Review of the action points implemented and leading the remediation of the Audit observations to closure whereby the controls implemented stand the test of review and avoidance of recurrence.
• Defining, implementing and functionalizing a Risk Management Frameworks and Programs in collaboration with various stake holders.
• Strengthen Operational Risk Framework and ensure implementation and governance process through periodic MIS and engagements with stake holders on remedial plans.
• Help and train stakeholders in ensuring adherence to Operational Risk Frameworks.
• Senior Management reporting work such as preparation of presentations, minutes of meeting etc.
• Excellent written and verbal communications skills.

Required Skills:

• Technical, functional knowledge and experience of working in risk team and have relevant experience of working in Banking channels for e.g. Internet Banking & Mobile banking, UPI etc and IT and ISG areas.
• Shall have good knowledge and experience of Information Technology (IT) applications and IT/Information Security risks and controls review.
• Shall have good knowledge and understanding of Third party/vendor involvement and various fintech models involved in digital banking space.
• Ability to drive periodic updates to senior management and remediation programs in line with Risk Management Practices
• Ability to Drive Remediation Programs on corrective Action plans in a timely manner through effective governance.

Education Qualification (Fulltime):

Certified Chartered Accountant (CA)

Preferred Certifications: CISA, ISO27001/002 (ISMS), ISO22301(BCMS), CISM, CRISC.

Experience:

Minimum of 5+ Years in IT ORM, IT applications risks and controls reviews.