2 - 3 years

0 Lacs

Posted: 1 week ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

GRC Consultant

Key Responsibilities:

GRC Framework Implementation & Management:

Review Governance, Risk, and Compliance (GRC) frameworks aligned with industry standards and regulatory requirements.

Ensure that the organization's GRC strategies meet corporate, legal, and regulatory requirements.

Work with leadership to define GRC processes and controls to mitigate risks and ensure compliance with relevant regulations.

ISO 27001 Audits & ISMS Implementation:

Conduct internal audits for ISO 27001 compliance, evaluate the effectiveness of ISMS, and assess gaps in the existing information security framework.

Assist in the implementation, maintenance, and continuous improvement of the ISMS to comply with ISO 27001 standards.

Provide support in risk assessments, risk treatment, and corrective actions to maintain a robust ISMS.

Risk Management:

Conduct comprehensive risk assessments to identify, assess, and prioritize risks that could impact business operations, ensuring alignment with GRC frameworks.

Advise stakeholders on risk mitigation strategies and ensure implementation of controls to manage and reduce risk exposure.

Monitor the effectiveness of risk management strategies and make recommendations for improvements.

Policy Development & Documentation Review:

Review and create security policies, procedures, and documentation to ensure they align with GRC frameworks and regulatory requirements, including ISO 27001, and other applicable standards.

Regularly update security policies to reflect evolving compliance requirements and emerging risks.

Audit & Compliance Reporting:

Prepare detailed audit reports on GRC compliance status, identifying gaps, risks, and recommended actions.

Assist in the creation of audit checklists, audit plans, and the coordination of audits across various functions within the organization.

Communicate findings clearly and effectively to stakeholders and assist in tracking corrective actions.

Stakeholder Engagement & Training:

Collaborate with internal teams, external auditors, and third-party vendors to collect evidence and ensure compliance with GRC standards.

Provide training and guidance to internal teams on GRC-related processes, best practices, and regulatory updates.

Ensure all relevant stakeholders are informed of their roles and responsibilities in managing risk and compliance.

Continuous Improvement & Monitoring:

Proactively monitor and assess changes in regulatory requirements, industry standards, and emerging risks to ensure continuous GRC alignment.

Recommend improvements in GRC processes, tools, and technologies to enhance the organization's governance, risk management, and compliance posture.

Key Skills & Qualifications:

Experience

Knowledge:

Strong understanding of GRC principles and frameworks, including ISO 27001, GDPR, NIST, and other security standards.

In-depth knowledge of risk management principles, compliance regulations, and audit methodologies.

Familiarity with GRC tools (e.g., RSA Archer, MetricStream, etc.) is a plus.

Skills:

Strong ability to conduct risk assessments, audits, and internal assessments across various compliance frameworks.

Excellent written and verbal communication skills, with the ability to prepare detailed reports and present findings to senior management.

Strong analytical skills with the ability to assess complex regulatory requirements and provide actionable solutions.

Proficient in developing, updating, and reviewing policies and procedures.

Certifications:

ISO 27001 Lead Auditor or Implementer certification (preferred).

Certifications such as CISA, CISSP, CISM, or GRCP (GRC Professional Certification) are desirable.

Soft Skills:

Strong problem-solving and analytical abilities.

Ability to work independently, as well as collaboratively, within a cross-functional team.

Detail-oriented with the ability to prioritize tasks and meet deadlines in a dynamic environment.

Why Join Us?

Competitive salary and benefits.

Opportunities for career advancement and professional development in the growing field of GRC.

Work in a collaborative, dynamic environment with a focus on continuous improvement and innovation in risk management and compliance.

How to Apply:

Immediate joiners are preferred.

Amigosec Consulting

Cybersecurity Consulting

Cyber City
