GRC Consultant (ISO 27001, SOC 2 & Pentesting)

5 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Job Title: GRC Consultant (ISO 27001, SOC 2 & Pentesting)

Location:

Experience:

Employment Type:

Role Overview:

We are seeking a highly motivated and experienced GRC Consultant with strong expertise in ISO/IEC 27001 and SOC 2 implementation and assessments. The ideal candidate should also have a solid understanding of penetration testing and be comfortable handling client engagements independently.

This role will involve working closely with clients to assess, design, implement, and manage security governance frameworks, conduct audits, and provide actionable recommendations for compliance and risk mitigation.

Key Responsibilities:

  • Lead and conduct ISO 27001 and SOC 2 readiness assessments, gap analyses, risk assessments, and control validations
  • Guide clients through ISMS implementation and SOC 2 Trust Services Criteria alignment
  • Prepare and present reports, documentation, and dashboards for management and auditors
  • Work directly with client stakeholders including CISOs, IT Heads, and Audit/Compliance teams
  • Support clients in creating and refining security policies, procedures, and evidence collection
  • Conduct or support penetration testing and vulnerability assessments as needed
  • Coordinate with internal technical teams and external auditors
  • Stay up to date with global security compliance standards, frameworks, and the evolving threat landscape
  • Assist in proposal writing and client scoping calls when needed

Required Skills & Qualifications:

  • Minimum 5 years of experience in Information Security / GRC roles
  • Strong hands-on experience with ISO/IEC 27001 and SOC 2 frameworks
  • Knowledge of risk management, data protection, business continuity, and audit lifecycle
  • Experience conducting internal audits, security gap assessments, and control testing
  • Basic to intermediate penetration testing skills (e.g., using Burp Suite, Nmap, Nessus, etc.)
  • Excellent communication and client management skills
  • Ability to work independently and drive deliverables in consulting environments
  • Relevant certifications preferred: ISO 27001 LA, CEH, Security+, CISA, or equivalent

Nice to Have:

  • Experience with other compliance frameworks like HIPAA, PCI-DSS, GDPR
  • Familiarity with cloud security standards (e.g., AWS, Azure benchmarks)
  • Exposure to tools like Metasploit, OWASP ZAP, SIEM platforms, etc.
  • Knowledge of risk scoring tools and GRC platforms (e.g., Archer, ServiceNow GRC)
