Graduate Trainee Engineer - IT

0 years

4 - 5 Lacs

Posted: 11 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Role & responsibilities

Position: GET - InfoSec GRC

Role Overview

The Executive Information Security GRC will support the organization's Governance, Risk & Compliance (GRC) initiatives, with a focus on learning and assisting in ISO/IEC 27001:2022 implementation, audits, and compliance activities.

The role provides hands-on exposure to Information Security Management Systems (ISMS), risk management, internal audits, and security governance processes. This position is ideal for candidates starting their career in Information Security and GRC.

Key Responsibilities

ISO/IEC 27001:2022 Compliance & Audit

  • Assist the team in implementing and maintaining the Information Security Management System (ISMS).
  • Support audit preparation and evidence gathering for ISO 27001 certification and surveillance audits.
  • Help maintain ISMS documentation such as the Statement of Applicability (SoA), Risk Treatment Plan (RTP), and related policies and procedures.
  • Participate in internal audit activities and help track and close audit findings.

Governance, Risk & Compliance (GRC)

  • Assist in identifying and documenting information security risks and controls.
  • Support compliance checks against frameworks like ISO 27001, NIST CSF, and relevant regulations (e.g., SEBI CSCRF, GDPR).
  • Help maintain logs of exceptions, deviations, and risk acceptance approvals.
  • Participate in evidence collection and reporting for internal or external assessments.

Audit & Control Testing

  • Learn and assist in IT General Controls (ITGC) and application control testing.
  • Support preparation of audit reports, follow-up on findings, and coordinate with teams for remediation.

Awareness & Training

  • Contribute to information security awareness programs, campaigns, and workshops.
  • Encourage compliance with information security policies and standards across the organization.

Required Skills & Knowledge

  • Basic understanding of information security principles and risk management concepts.
  • Familiarity (academic or self-learned) with ISO/IEC 27001, NIST CSF, or similar frameworks.
  • Awareness of IT controls, audits, and compliance processes is an advantage.
  • Good communication, documentation, and coordination skills.
  • Eagerness to learn and grow in the field of GRC and cybersecurity.

Education & Certifications

  • Graduate in Information Technology, Computer Science, Cybersecurity, or a related field.
  • ISO/IEC 27001:2022 Awareness or Internal Auditor certification (preferred but not mandatory).
  • Any introductory certification such as CompTIA Security+, CISA (Foundation), or NIST CSF training is a plus.

Preferred candidate profile

Allcargo Logistics

Logistics and Supply Chain

Navi Mumbai
