GRC Analyst

Job Description

Job_Description":" About Us Tsaaro Consultings prime focus is on Data Privacy and Security. Our team of specialist Data Privacy Consultants, Information Security Consultants, and penetration testers help and advise our Clients to make running a secure business easier with high efficiency. Everything We do is tailored to the individual, and organizational requirements, aligned with their budget and resource challenges. We take a pragmatic, risk-based approach to provide our clients with real-world, workable advice, guidance, and support That helps them to deal with a wide range of security and privacy-related challenges. At Tsaaro, we adopt a pragmatic, risk-based strategy to deliver practical and effective advice. By providing real-world guidance, support, and actionable recommendations, we confidently equip our clients to address a broad spectrum of security and privacy challenges. Looking to take your career in a new, high-impact direction? Tsaaro Consulting is seeking for a highly skilled and experienced GRC Analyst , this role is for those eager to transition into data privacy and information security, with hands-on experience and mentorship from industry experts. Responsibilities: Assist in the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001 standards. Monitor and ensure compliance with ISO 27001, making sure controls are in place and effectively operating across the organization. Conduct regular assessments to ensure adherence to regulatory, contractual, and internal security requirements. Coordinate internal audits and provide support for external ISO 27001 audits. Prepare documentation, assist with gathering evidence, and address findings to ensure timely closure of audit actions. Maintain and update ISMS documentation, policies, and procedures. Ensure that security controls, risk assessments, and audit records are accurately documented and up to date. Support the delivery of security awareness and training programs related to ISO 27001 standards. Foster a culture of security awareness across the organization. Support incident response processes and prepare crisis management plans, ensuring incidents are logged, analyzed, and resolved. Participate in root cause analysis and implement corrective actions to prevent recurrence. Collaborate with cross-functional teams to identify, assess, and prioritize security risks. Assist in developing risk mitigation strategies and track the progress of risk treatment plans. Proactively identify opportunities to enhance the ISMS framework, suggesting improvements to policies, processes, and tools to ensure they are efficient and effective. Requirements Minimum of 2 years in Governance, Risk, and Compliance (GRC) roles, with a focus on ISMS and ISO 27001. Bachelors degree in Information Security, Computer Science, Business Administration, or a related field (preferred). Excellent analytical and problem-solving skills. Strong understanding of regulatory requirements and industry standards related to information security. Proficiency in risk assessment methodologies and risk management practices. Strong communication and interpersonal skills. Ability to work effectively both independently and as part of a team. Experience with security incident response and crisis management. Familiarity with data protection regulations and privacy laws. Certification in ISO 27001 Lead Auditor or Lead Implementer (preferred). Experience in developing and delivering security awareness training programs. Benefits Competitive salary and performance-based bonuses. Professional development opportunities, including training and certifications. Flexible working hours. Collaborative and inclusive work environment. Opportunity to work with a passionate team dedicated to making a difference in data privacy and security. ","