GRC (Governance, Risk, and Compliance) Analysts build and maintain the control frameworks that keep organisations certifiable, auditable, and defensible in front of regulators. In India, they work at TCS Risk, Infosys Risk Management, Wipro, and the Big-4 advisory practices, as well as at private-sector banks (HDFC, ICICI, Axis), fintechs (Razorpay, PhonePe, Cred), and GCCs where ISO 27001, SOC 2, PCI-DSS, and RBI Cyber Security Framework obligations land simultaneously. Day to day, the job is a combination of control framework mapping (Annex A controls, Trust Services Criteria, PCI-DSS 4.0 requirements, NIST CSF 2.0 domains, RBI Master Directions), risk register maintenance, audit evidence collection, third-party risk assessments, policy authoring, and GRC platform administration on Archer, ServiceNow GRC, or OneTrust. Unlike a cybersecurity analyst, who chases threats in real time, a GRC Analyst works on the structured proof that security controls are designed and operating effectively — bridging technical security teams, business units, and external auditors.