GRC Manager

About the Role

Uber's Engineering Security team is looking for a GRC Manager in India to lead our Risk Management, Compliance, Issue Management, and Third-Party Risk Management (TPRM) functions. This role will drive governance strategy, build scalable processes, and leverage AI and automation to increase efficiency and resilience across security operations.

What the Candidate Will Need / Bonus Points

---- What the Candidate Will Do ----

Leadership & Team Management

1. Provide leadership and mentorship to the GRC teams in India, fostering a collaborative and innovative work environment.
2. Collaborate with the global GRC team to deliver to the shared goal and objectives
3. Recruit, train, and develop security professionals to build a high-performing and resilient security organization.
4. Conduct performance evaluations, set goals, and provide feedback to team members to support their professional growth
5. Drive innovation by embedding AI and automation into core GRC activities.

1. Lead the team responsible for developing and implementing comprehensive risk management frameworks to identify, assess, and mitigate potential risks across the organization's infrastructure and operations.
2. Manage internal and external audits, remediation, and documentation.
3. Build and enforce GRC policies and controls integrated across business functions.
4. Integrate AI-driven analytics for predictive risk assessment and continuous compliance monitoring.

1. Oversee the TPRM lifecycle including risk assessments, contract reviews, and vendor monitoring.
2. Lead the issue management process, ensuring timely remediation and root cause analysis.
3. Implement continuous monitoring and reporting systems to enhance oversight and automation.

1. Champion the use of AI tools and automation to optimize compliance, monitoring, and reporting workflows.
2. Stay current with evolving security, risk, and regulatory landscapes.
3. Deliver metrics and executive-level reporting to drive informed decision-making.

1. Bachelor's in Computer Science, Cybersecurity, Risk Management, or related field.
2. 12+ years in GRC leadership within enterprise environments.
3. Strong knowledge of GRC frameworks, tools, and regulatory compliance.
4. Experience leading cross-functional teams and managing risk lifecycle processes.
5. Certifications such as CISA, CRISC, or similar.
6. Experience in incorporating automation and scripting for risk/compliance tasks.
7. Exposure to AI/ML applications in security and risk functions.

1. Advanced or specialized certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), or similar.
2. Advanced knowledge of security and risk management frameworks and standards (e.g., NIST, ISO 27001, COBIT).
3. Deep understanding of the impact of emerging technologies and trends on risk and compliance.
4. Advanced proficiency in risk assessment and management, including quantitative and qualitative methods.
5. Strong leadership and project management skills
6. Exceptional interpersonal and communication skills, with a proven ability to build and maintain relationships with senior stakeholders.
7. Experience with automation and scripting for risk management processes.
8. Ability to design and implement comprehensive GRC architectures and frameworks.