Grc Consultant

Role & responsibilities

Develop, implement, and maintain risk and governance frameworks.

• Guide teams/Handle client information security posture, identify the gaps/risks in the

existing environment and develop solutions to mitigate the identified gaps/risk.

• Recommend security solutions and enhancements aligned with business goals and threat

landscape.

• Conduct security risk assessments of third-party vendors and service providers.
• Define TPRM frameworks and integrate them into the overall risk management program.
• Perform cybersecurity maturity assessments using established frameworks such as NIST

CSF, NIST-800-53, ISO 27001

• Frontend teams for ISO 27001 based Information Security Management System

implementation and sustenance-based projects.

• Lead risk identification, evaluation, mitigation, and monitoring activities.
• Deliver actionable insights and improvement roadmaps based on assessment results.
• Understand and evaluate application security architectures, including secure SDLC

practices, threat modelling and secure coding standards.

• Plan, execute, and report on comprehensive IT and OT security audits.
• Lead teams or work as team member to conduct Information Systems audits covering IT

infrastructure assets.

• Manages security and cyber strategy projects, guides the team on a day-to-day basis and

ensures that assigned tasks and responsibilities are fulfilled in a timely fashion.

• Responsible to assist client in review / implement Information Security controls in areas as

mentioned, but not limited to: Change management process, Incident management

Conduct and support PCI DSS assessments and gap analysis.

• Provide guidance for remediation efforts to ensure ongoing compliance.
• Demonstrates understanding of complex business and information technology

management processes.

• Ensure compliance with cybersecurity guidelines and regulations issued by RBI, SEBI,

IRDA, BCAS, NCIIPC, and other relevant bodies.

• Track evolving regulatory requirements and integrate changes into the cybersecurity

program.

• Understanding of cloud service models and security controls across major platforms (AWS,

Google Cloud, Azure).

• Plan and execute ITGC control testing covering areas such as access management, change

management, and operations controls. Identify control gaps and support remediation

efforts.

• Interacts with clients, managers, and partners to build and nurture strong relationships.
• Tailors firm tools and methodologies as per client requirements.

Preferred candidate profile

B. E/ B-Tech (Tier 1/2) or masters degree in information security, Computer Science, or a

related field

• Professional certifications such as CISSP, CISA, CISM, CRISC, ISO 27001 LA/LI, ISO 31000

LA/LI, ISO 22301 LA/LI, CISA, ITIL or PCI QSA are preferred.

• 4-9 years of relevant experience in cybersecurity consulting, risk management, and

compliance.

• In-depth knowledge of security frameworks and standards (e.g., NIST, ISO 27001,

COBIT).

• Strong analytical, communication, and stakeholder management skills