Job Description

Designation : Consultant -GRC Certifications, Qualification And Experience Bachelor / PG degree with any of the certifications - ISO 27001, CBCP, CISA, CISM, CRISC, CISSP 2 years to 20 years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or cyber security compliance management. Job Description Implements security controls, risk assessment framework (ISO 31000, NIST), and program that align to regulatory requirements, ensuring documented and sustainable compliance that aligns and advances client business objectives. Evaluates risks and develops security standards, procedures, and controls to manage risks. Improves client security positioning through process improvement, policy, automation, and the continuous evolution of capabilities. Implements processes, such as GRC (governance, risk and compliance), to automate and continuously monitor information security controls, exceptions, risks, testing. Develops reporting metrics, dashboards, and evidence artifacts. Defines and documents business process responsibilities and ownership of the controls in GRC tool (e.g. ServiceNow GRC, Archer, OneTrust, SAP GRC). Schedules regular assessments and testing of effectiveness and efficiency of controls and creates GRC reports. Updates security controls and provides support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and compliance such PCI DSS, SOX, SOC2, HIPAA, RBI Guideline, ISO standards Performs and investigates internal and external information security risk and exceptions assessments. Assess incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks. Documents and reports control failures and gaps to stakeholders. Provides remediation guidance and prepares management reports to track remediation activities. Assists other staff in the management and oversight of security program functions. Trains, guides, and acts as a resource on security assessment functions to other departments within Client sites. Remains current on best practices and technological advancements and acts as the Client’s technical resource for security assessment and regulatory compliance. Performs other related duties as assigned. Show more Show less