Cybersecurity GRC Consultant

Job Title: Cybersecurity GRC Consultant

Experience:

Location:

Notice Period:

Job Overview:

Cybersecurity GRC Consultant

Key Responsibilities:

• Act as a subject matter expert on information and cybersecurity GRC services and solutions.
  
• Conduct security assessments of on-premise and cloud-based IT environments aligned with business goals and compliance standards.
  
• Test and validate IT security controls; document findings and prepare detailed reports for stakeholders.
  
• Execute internal audits under CISO directives, contribute to risk mitigation strategies, and present risk metrics to the CISO regularly.
  
• Apply working knowledge of the

  Digital Personal Data Protection Act, 2023

  and global data protection regulations such as GDPR.
• Manage and utilize GRC tools and platforms for assessments and reporting.
  
• Perform security control evaluations on enterprise systems, mobile, and web applications.
  
• Support third-party risk management processes and client-facing compliance activities.
  
• Lead and deliver complex GRC projects in fast-paced environments.
  
• Share knowledge and best practices to elevate team competencies.
  
• Continuously improve cybersecurity frameworks and strategies in response to emerging threats and technologies.
  

Qualifications:

• Bachelor’s degree in Engineering, Computer Science, or a related technology discipline.
  

Mandatory Certification:

• CISA or ISO 27001 Lead Auditor certification
  

Preferred Certifications:

• ISO 27001 Lead Implementer
  
• CISSP, CIPP, CCSK, or CCSP
  
• Public Cloud Certifications (AWS, Azure, GCP)
  

Experience:

• 6–10 years of professional experience with significant exposure to IT and cybersecurity GRC domains.
  
• Hands-on experience in internal audits, IT risk consulting, and cybersecurity advisory roles.
  

Desired Skills:

• Strong understanding of information security principles, frameworks, and regulatory landscapes.
  
• Familiarity with IT infrastructure, application development, and cloud environments.
  
• Experience with security tools like vulnerability scanners and secure code review platforms.
  
• Proficient in frameworks and standards such as ISO 27001/27005, NIST CSF, PCI DSS, SOC 1/2, GDPR, and COBIT.
  
• Excellent communication, documentation, and stakeholder management skills.
  
• Demonstrated ability in project and program management related to cybersecurity.