Job
Description
As a GRC Analyst, you will play a crucial role in supporting your customer organization's governance, risk, and compliance initiatives to maintain a secure and compliant environment. Working closely with cross-functional teams, your key responsibilities include: - Supporting the implementation and maintenance of ISO 27001:2022 standards by ensuring compliance with security controls and preparing for internal and external audits. - Assisting in conducting internal audits and security assessments to validate compliance with regulatory requirements. - Collaborating with senior team members during external compliance assessments and audits, aiding in audit preparation, evidence collection, and report generation. - Identifying and documenting security risks, assessing their impact, and contributing to the development of risk mitigation strategies. - Contributing to the development and updating of information security policies, procedures, and related documentation in alignment with ISO 27001 and other regulatory frameworks. - Participating in monitoring and reviewing security controls to enhance their effectiveness and alignment with business objectives. - Providing analysis and reporting on security control performance, identifying areas for improvement, and supporting corrective action implementation. - Gathering and validating technical evidence for compliance reviews and audits while maintaining thorough and accurate documentation. - Assisting in preparing detailed reports summarizing audit findings, risk assessments, and policy updates for leadership review. - Communicating security and compliance requirements clearly to team members and stakeholders to ensure understanding and alignment across the organization. - Collaborating with cross-functional teams to integrate GRC activities seamlessly with broader business processes and goals. - Ensuring accountability for assigned tasks by meeting deadlines and completing deliverables with attention to detail. - Adopting a customer-centric approach by understanding client and stakeholder needs and delivering valuable solutions. - Demonstrating a proactive attitude towards learning and development to improve knowledge and skills in GRC and information security practices. In addition to your role responsibilities, you will: - Help build and maintain strong customer relationships, ensuring business goals are met and incorporated into the security program. - Successfully complete project tasks on time. - Enable customers to comply with regional IS regulations and keep them informed of emerging cybersecurity threats. - Support in the identification, assessment, and enhancement of customer environment security controls to meet industry standard benchmarks. - Develop, document, and communicate comprehensive Information Security framework policies and procedures. - Continuously monitor adherence to legal and regulatory requirements. - Assist in defining customer risk appetite, performing risk assessments, and implementing Risk Treatment Plans. Key Skills Required: - Customer relationship management and relationship building - Knowledge of ISO 27001:2022 standard clauses and ISO 27002 Annexure Control guidance - Understanding of information security principles (CIA) and their application in information system security - Technical know-how for evidences validation based on ISO 27002 Annex guidelines in Security Assessments and assurance audits - Ability to create detailed reports and presentations on Security assessments/audits findings/observations - Writing and documentation of organization-level security policies, processes, and procedures in collaboration with stakeholders Competencies: - Analysis Skills - Customer Focus - Communications (Oral & Written) - Energy/Passion - Problem-Solving Skills As a GRC Analyst, you will play a crucial role in supporting your customer organization's governance, risk, and compliance initiatives to maintain a secure and compliant environment. Working closely with cross-functional teams, your key responsibilities include: - Supporting the implementation and maintenance of ISO 27001:2022 standards by ensuring compliance with security controls and preparing for internal and external audits. - Assisting in conducting internal audits and security assessments to validate compliance with regulatory requirements. - Collaborating with senior team members during external compliance assessments and audits, aiding in audit preparation, evidence collection, and report generation. - Identifying and documenting security risks, assessing their impact, and contributing to the development of risk mitigation strategies. - Contributing to the development and updating of information security policies, procedures, and related documentation in alignment with ISO 27001 and other regulatory frameworks. - Participating in monitoring and reviewing security controls to enhance their effectiveness and alignment with business objectives. - Providing analysis
