Job Title: GRC Consultant (Governance, Risk, Compliance, ISO 27001)
Location:
Job Type:
Experience:
Introduction:
GRC Consultant
ISO 27001 Audits & ISMS Implementation:
- Lead internal audits and gap assessments for ISO 27001 compliance.
- Assist in planning, implementing, maintaining, and improving the Information Security Management System (ISMS) as per ISO 27001 standards.
- Maintain and update the Statement of Applicability (SoA) and Risk Treatment Plans.
- Identify non-conformities and drive corrective/preventive actions.
- Coordinate external ISO 27001 surveillance and certification audits.
Policy Development & Documentation:
- Create, review, and update policies and procedures to meet GRC and ISO 27001 standards.
- Ensure documentation reflects current compliance requirements and emerging risks.
- Map controls to policies and ensure alignment with audit and regulatory expectations.
GRC Framework Implementation & Management:
- Design and implement GRC frameworks aligned with international standards and regulatory requirements.
- Collaborate with senior leadership to define key risk indicators (KRIs), controls, and governance procedures.
- Maintain GRC registers, including asset inventory, risk register, and control mapping.
Risk Management:
- Conduct information security risk assessments using structured methodologies.
- Evaluate and prioritize risks based on likelihood and impact.
- Develop risk mitigation strategies and assist with control implementation and monitoring.
Audit & Compliance Reporting:
- Prepare comprehensive audit reports highlighting compliance status, gaps, and risk exposure.
- Track implementation of corrective actions post-audit and maintain audit trails.
- Assist in the preparation of audit plans, checklists, and evidence collection processes.
Stakeholder Engagement & Training:
- Collaborate with business functions, IT, external auditors, and vendors to ensure audit readiness and policy compliance.
- Conduct awareness programs and training sessions on ISO 27001, information security best practices, and GRC responsibilities.
- Promote a culture of compliance and continuous improvement across departments.
Continuous Monitoring & Improvement:
- Stay updated with changes in ISO standards, cybersecurity threats, and regulatory requirements.
- Recommend and implement improvements in policies, controls, and audit processes to maintain an effective GRC posture.
Key Skills & Qualifications:
- 2–3 years in GRC, ISO 27001 implementation/audits, policy management, and ISMS operations.
Knowledge:
- In-depth understanding of ISO 27001, NIST, GDPR, and other information security and privacy standards.
- Strong grasp of risk management frameworks and internal control systems.
- Familiarity with GRC tools (e.g., RSA Archer, MetricStream) is an advantage.
Skills:
- Expert in writing and implementing security policies and procedures.
- Strong auditing, documentation, and risk assessment capabilities.
- Excellent analytical, communication, and project coordination skills.
Certifications:
- ISO 27001 Lead Auditor or Lead Implementer certification (preferred).
- Additional certifications such as CISA, CISM, CISSP, or GRCP are a plus.
Soft Skills:
- Self-motivated and accountable.
- Strong attention to detail and organizational skills.
- Ability to work cross-functionally and manage multiple priorities.
Why Join Us?
✔️ Competitive compensation package.
✔️ Opportunity to lead ISO 27001 projects and policy frameworks.
✔️ Growth in the high-demand area of Governance and Information Security.
✔️ Collaborative work culture focused on compliance, innovation, and security excellence.
How to Apply: