Role Snapshot
The Information Security GRC Analyst I will support IT governance, risk assessment, and compliance functions for Kaplan's organization, focusing on monitoring and improving ISMS policies, processes, and control frameworks such as ISO 27001, NIST, and COBIT.
Job Description
Job Title: Information Security GRC Analyst I (Hybrid)

For more than 80 years, Kaplan has been a trailblazer in education and professional advancement. We are a global company at the intersection of education and technology, focused on collaboration, innovation, and creativity to deliver a best-in-class educational experience and make Kaplan a great place to work.

Our offices in India opened in Bengaluru in 2018. Since then, our team has fueled growth and innovation across the organization, impacting students worldwide. We are eager to grow and expand with skilled professionals like you who use their talent to build solutions, enable effective learning, and improve students’ lives. The future of education is here and we are eager to work alongside those who want to make a positive impact and inspire change in the world around them.

The Information Security GRC Analyst I role will support and enhance IT governance, risk assessment, and compliance functions for the KNA organization. This position will be heavily involved in monitoring, maintaining, and improving elements of overall IT governance, enterprise risk management, and compliance with regulations and control frameworks such as ISO 27001, NIST, and COBIT. The Information Security GRC Analyst I will focus on facilitating the review, development, implementation, and documentation supporting the ISMS policies, processes, procedures, and practices, while also identifying areas for improvement and efficiency.

Primary/Key Responsibilities
- Support the development, implementation, and maintenance of IT governance frameworks (e.g., COBIT, ITIL), ensuring alignment with organizational and regulatory requirements.
- Oversee the lifecycle of IT policies and standards, including creation, review, approval, communication, and monitoring for compliance.
- Manage third-party vendor risk, including AI and cloud service providers, by conducting due diligence, security and compliance assessments, contract/control reviews, and ongoing performance and risk monitoring.
- Support IT risk management by identifying, assessing, and tracking technology risks, maintaining risk registers, and coordinating mitigation and monitoring activities with control owners.
- Perform internal audits and assist in evidence collection for client audits and compliance frameworks, including but not limited to ISO 27001, PCI, SOX, SOC 1 & 2, and other relevant standards.
- Conduct phishing simulation campaigns, perform meaningful analysis of results, and manage the overall security awareness program to drive continuous improvement in user security behaviour.
- Provide expert support in the assessment, design, implementation, and ongoing enhancement of technical controls and processes, including reviewing IT systems and tools to ensure appropriate controls are in place.
- Collaborate with control owners and system administrators to review test findings, remediate IT control gaps, and drive improvements that enhance the quality, consistency, and operability of new and existing controls.
- Lead the completion of client security questionnaires and RFPs, ensuring accurate and timely responses.

Hybrid Schedule: 3 days remote / 2 days in office
30-day notification period preferred

Minimum Qualifications
- Bachelor’s degree in Information Systems (IS), Cybersecurity, or a related field; or an equivalent combination of training and progressively responsible experience that will result in the required specialized knowledge and abilities to perform the assigned work in lieu of a degree.
- 2+ years of audit, technical compliance, or information security experience.
- Strong understanding of IT governance, risk management, and compliance frameworks (e.g., ISO 27001, NIST, COBIT, PCI-DSS), with proven experience in conducting risk assessments, audits, and compliance initiatives.
- Self-motivated professional with excellent analytical, problem-solving, and communication skills, and the ability to work both independently and collaboratively in a fast-paced environment.
- Demonstrated ability to lead security projects and initiatives from conception to completion.
- Relevant certifications such as CISA, CISM, CRISC, or CISSP are highly desirable.

Preferred Qualifications
- Understanding of networking protocols, encryption algorithms, and cloud security concepts, and familiarity with industry-recognised security technologies.
- Foundational understanding of Gen AI concepts and AI-specific risks, to ensure that internal AI initiatives align with emerging governance frameworks and ethical guidelines.
- Ability to automate security and operational tasks using scripting languages (e.g., Python, PowerShell, Bash).

Beyond base salary, our comprehensive total rewards package includes:
- Hybrid work model provides a flexible work/life balance
- Voluntary Provident Fund is an additional voluntary contribution scheme associated with the statutory Employee Provident Fund (EPF)
- Our Gift of Knowledge Program provides tuition assistance and substantial discounts for our employees and close family members
- Comprehensive health benefits: new hire eligibility starts on day 1 of employment
- Generous Paid Time Off includes national holidays (10), earned leaves (15), sick leave (12), plus one (1) volunteer day to participate and give back to our local communities
- Gratuity is applicable upon completion of 5 years as per the Gratuity Act

We are committed to providing a supportive and rewarding work environment where every employee can thrive. You can learn more about our full benefits package and total rewards philosophy here.

At Kaplan, we believe in attracting, rewarding, and retaining exceptional talent. Our compensation philosophy is designed to be competitive within the market, reflecting the value we place on the skills, experience, and contributions of our employees, while taking into account labor market trends and total rewards. The specific compensation offered will be determined by a variety of factors, including but not limited to the candidate's qualifications, relevant experience, education, skills, and market data.

Location: Bangalore, KA, India
Additional Locations:
Employee Type: Employee
Job Functional Area: Information Security
Business Unit: 00091 Kaplan Higher ED

Diversity & Inclusion Statement: Kaplan is committed to cultivating an inclusive workplace that values diversity, promotes equity, and integrates inclusivity into all aspects of our operations. We are an equal opportunity employer and all qualified applicants will receive consideration for employment regardless of age, race, creed, color, national origin, ancestry, marital status, sexual orientation, gender identity or expression, disability, veteran status, nationality, or sex. We believe that diversity strengthens our organization, fuels innovation, and improves our ability to serve our students, customers, and communities. Learn more about our culture here.

Kaplan considers qualified applicants for employment even if applicants have an arrest or conviction in their background check records. Kaplan complies with related background check regulations, including but not limited to, the Los Angeles County Fair Chance Ordinance for Employers and the California Fair Chance Act. There are various positions where certain convictions may disqualify applicants, such as those positions requiring interaction with minors, financial records, or other sensitive and/or confidential information. Kaplan is a drug-free workplace and complies with applicable laws.

Kaplan, Inc. is a global educational services company, with about 10,000 employees and operations in 26 countries. We serve 1.2 million students each year and partner with about 4,000 educational institutions and 13,000 corporations across the world. Kaplan is the largest subsidiary of Graham Holdings Company (NYSE: GHC). Across its 85-year history, first as a pioneer of the test prep industry, then as an early online education leader, and now as a global education provider, Kaplan has been recognized for expanding educational access and improving student outcomes through innovative uses of technology, instructional design, and learning science. We’ve been recognized as a Top Workplace for Innovators and Brands That Matter (Fast Company); and as one of America’s Top 100 employers (Forbes).

Kaplan’s US-based businesses provide individuals, educational institutions, businesses and governments a broad array of services, supporting our students and partners to meet their diverse and evolving needs throughout their educational and professional journeys. Among the services provided are test preparation, coaching and advising, performance training, industry credentialing, and university support services, online enablement, analytics, and marketing. The test preparation and professional products are offered in the market under our brand names such as Kaplan, Kaplan Financial Education, Kaplan Schweser, PPI, College for Financial Planning, and Manhattan Prep. Headquartered in Fort Lauderdale, FL, employees who support Kaplan’s North America division work primarily remotely across the US and in our corporate campus in Bengaluru, India.

California Worker Privacy Statement

Questions? Please contact us at knarecruiting@kaplan.com.