Cyber Security GRC Consultant (Hybrid: Pune)

Cybersecurity GRC

Key Responsibilities

• Assist in the design, implementation, and maintenance of cybersecurity GRC frameworks (ISO 27001, NIST, COBIT, etc.)
• Support the implementation of GRC frameworks (ISO 27001, NIST, COBIT) across various functions.
• Assist in drafting and updating cybersecurity policies, procedures, and control documentation.
• Conduct and document basic IT/cybersecurity risk assessments and internal control reviews.
• Maintain portions of the risk register and support the tracking of mitigation plans and KRIs.
• Assist in internal/external audit activities, including control testing and evidence collection.
• Perform initial third-party risk reviews and support due diligence documentation.
• Track audit findings and help monitor remediation efforts to closure.
• Contribute to compliance with global cybersecurity regulations (SOX, GDPR, DPDP, PCI-DSS).
• Help prepare GRC dashboards and reports for internal stakeholders.
• Collaborate with IT, legal, privacy, and compliance teams to support GRC initiatives.
• Stay current on regulatory changes and industry standards impacting cybersecurity.
• Support security awareness campaigns and participate in user training initiatives.
• Work with GRC tools (e.g., Archer, ServiceNow GRC, or Excel-based trackers) to manage workflows and data.

Primary Skills:

• Governance, Risk & Compliance (GRC)
• Information Security Policies & Standards
• IT Risk Assessment
• ISO 27001 / NIST / SOC 2
• Regulatory Compliance (SOX, GDPR, PCI-DSS, DPDP)
• ITGC & Control Testing
• Internal Audit Support
• Risk Register Maintenance
• Documentation & Reporting
• Third-Party Risk Support
• Cybersecurity Awareness Support

Secondary Skills

• Audit Remediation Tracking
• Vendor Due Diligence Support
• Data Privacy & Protection Awareness
• SLA / Contract Review (Basic Level)
• KPI/KRI Reporting (Support Role)
• Change Risk Assessment Participation
• Business Continuity (BCP/DR) Awareness
• Familiarity with emerging regulations (DORA, DPDP, etc.)
• GRC Tools (e.g., Archer, ServiceNow GRC, Excel Trackers)

Desired Qualifications

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or a related field
• 1–5 years of experience in GRC, IT audit, risk management, cybersecurity, or compliance roles.
• Foundational knowledge of IT control and compliance frameworks (ISO 27001, NIST, SOC 2, COBIT).
• Understanding of regulatory environments and compliance needs (e.g., GDPR, SOX, PCI-DSS, DPDP).
• Strong analytical, documentation, and communication skills.
• Willingness to learn and adapt in a fast-paced cybersecurity environment.
• Certifications like ISO 27001 Foundation, CISA (beginner level), or CompTIA Security+ are a plus.