Job Description
As a GRC Analyst, your role involves supporting customer organizations' governance, risk, and compliance initiatives to maintain a secure and compliant environment. You will work closely with cross-functional teams to ensure compliance with industry standards and develop risk management frameworks.

Your key responsibilities include:
- Supporting the implementation and maintenance of the ISO 27001:2022 standard by ensuring compliance with security controls and preparing for internal and external audits.
- Assisting in conducting internal audits and security assessments, and validating evidence for compliance with regulatory requirements.
- Collaborating with senior team members during external compliance assessments and audits, supporting audit preparation, evidence collection, and report generation.
- Identifying and documenting security risks, assessing their impact, and supporting the development of risk mitigation strategies.
- Contributing to the development and updating of information security policies, procedures, and related documentation in alignment with ISO 27001 and other regulatory frameworks.
- Participating in the monitoring and review of security controls to enhance their effectiveness and alignment with business objectives.
- Providing analysis and reporting on security control performance, identifying areas for improvement, and supporting corrective actions.
- Gathering and validating technical evidence for compliance reviews and audits, and maintaining thorough and accurate documentation.
- Assisting in preparing detailed reports summarizing audit findings, risk assessments, and policy updates for leadership review.
- Communicating security and compliance requirements clearly to team members and stakeholders, ensuring understanding and alignment across the organization.
- Collaborating with cross-functional teams to integrate GRC activities with broader business processes and goals.
- Maintaining accountability for assigned tasks, meeting deadlines, and completing deliverables with attention to detail.
- Ensuring a customer-centric approach by understanding client and stakeholder needs and delivering value-added solutions.
- Demonstrating a proactive attitude toward learning and development in GRC and information security practices.

Your deliverables and outcomes will include:
- Building and maintaining strong customer relationships, and incorporating their business goals into the security program.
- Completing project tasks on time.
- Enabling customers to comply with regional IS regulations and keeping them informed of emerging cybersecurity threats.
- Identifying, assessing, and enhancing security controls in customer environments to meet industry-standard benchmarks.
- Developing, documenting, and communicating comprehensive information security framework policies and procedures.
- Monitoring adherence to legal and regulatory requirements.
- Assisting in defining customer risk appetite, performing risk assessments, and implementing risk treatment plans.

Key skills required for this role:
- Customer relationship management and relationship building.
- Knowledge of the ISO 27001:2022 standard clauses and ISO 27002 Annex control guidance.
- Understanding of information security principles (confidentiality, integrity, availability) and their application to information system security.
- Technical know-how for evidence validation against ISO 27002 Annex guidelines in security assessments and assurance audits.
- Creating detailed reports and presentations on security assessment and audit findings and observations.
- Writing and documenting organization-level security policies, processes, and procedures in collaboration with stakeholders.

Competencies essential for this role:
- Analysis skills
- Customer focus
- Communication (oral and written)
- Energy and passion
- Problem-solving skills