GRC Specialist in Kharian City, Punjab at ACE Money Transfer

About Us:

ACE Money Transfer is a UK-based multinational company headquartered in Manchester, United Kingdom. ACE Money Transfer provides online remittance services to individuals in 29 countries across the UK, Europe, Canada, and Australia, enabling them to send money across borders in over 100 countries.

About the Role

We are seeking a Mid-level GRC Specialist to join our Risk & Compliance function within a dynamic financial services environment. In this role, you will be responsible for designing, implementing, and maintaining a robust governance, risk, and compliance framework that spans regulatory adherence, cybersecurity controls, internal audit, and enterprise risk management. You will serve as a subject matter expert across GRC disciplines, working closely with senior leadership, business units, and external regulators.

Key Responsibilities

Governance & Policy

• Develop, maintain, and enforce enterprise-wide governance frameworks, policies, and procedures in alignment with regulatory requirements and industry best practices.
• Manage the policy lifecycle, including drafting, review cycles, approvals, and communication across the organization.
• Support board-level governance reporting, including preparation of risk committee materials and management information.

Risk Management

• Lead enterprise risk assessments and maintain a dynamic risk register covering cyber, credit, operational, market, and reputational risk categories.
• Design and monitor Key Risk Indicators (KRIs) and escalate material risks to senior management in a timely manner.
• Facilitate risk workshops with business owners and provide expert guidance on risk mitigation strategies and treatment plans.

Compliance & Regulatory

• Monitor applicable regulatory developments (e.g., DORA, GDPR, CBI equivalents) and assess impact on business operations.
• Manage regulatory submissions, compliance attestations, and correspondence with regulatory bodies.
• Conduct compliance gap analyses and drive remediation efforts to closure.

Cybersecurity / IT GRC

• Maintain the IT risk and control framework aligned with standards such as ISO 27001, NIST CSF, or PCI-DSS.
• Collaborate with IT and Information Security teams on third-party risk assessments, vendor due diligence, and data privacy controls.
• Support cybersecurity incident response from a compliance and governance perspective.
• Ensure technology-related risks are appropriately captured in the enterprise risk register.

Audit

• Act as the primary liaison for internal and external audits, coordinating information requests and management responses.
• Track audit findings and ensure timely, effective remediation by responsible business owners.
• Support the development of the internal audit plan based on risk-based prioritization.
• Conduct self-assessment exercises (CSA/RCSA) and facilitate control testing across business units.

Qualifications & Experience

Essential

• 2-3 years of GRC experience within banking, insurance, asset management, or financial technology.
• Demonstrated experience managing risk registers, control frameworks, and compliance monitoring programmes.
• Hands-on experience with IT/cyber risk and familiarity with ISO 27001, NIST, or equivalent frameworks.
• Proven ability to prepare executive-level reporting and present findings to senior management and board committees.
• Professional certification(s): CISA, CISM, or ISO 27001 Lead Auditor (LA) - any one or more is a strong plus.

Preferred

• Master's degree in Information Security, Cybersecurity, Computer Science, or a related discipline.
• Experience with GRC platforms (e.g., Sprinto, ServiceNow GRC, Vanta or similar).
• Additional certifications such as CRISC, CGEIT, or CFE are an advantage.
  ACE Money Transfer Profile: https://acemoneytransfer.com/company-profile