4 - 8 years

0 Lacs

Posted: 2 days ago | Platform: Shine

Work Mode

On-site

Job Type

Full Time

Job Description

As a GRC Consultant at Tinycrows Private Limited, you will be responsible for interpreting and implementing regulatory guidelines into actionable compliance frameworks. Your expertise will be crucial in providing guidance on GRC best practices and cybersecurity strategies to clients. You will develop and implement security policies, procedures, and standards tailored to meet the specific needs of each client. Additionally, you will assist in developing and reviewing ISMS policies, procedures, and third-party risk management frameworks. Your role will also involve conducting security assessments and gap analysis against various frameworks such as NIST, ISO 27001, CIS, and DPDPA.

Key Responsibilities:
- Interpret and implement regulatory guidelines (DPDP Act, RBI, SEBI, IRDAI, UIDAI, CERT-In, etc.) into actionable compliance frameworks.
- Provide expert guidance to clients on GRC best practices and cybersecurity strategy. Develop and implement security policies, procedures, and standards tailored to client needs.
- Assist in developing and reviewing ISMS policies, procedures, and third-party risk management frameworks.
- Conduct security assessments and gap analysis against frameworks such as NIST, ISO 27001, CIS, DPDPA.
- Assist clients in preparing for and responding to audits and compliance reviews. Create and maintain risk registers and dashboards for client reporting.
- Perform risk assessments to identify, analyze, and prioritize cybersecurity risks. Develop and maintain risk mitigation strategies and controls.

Key Skills:
- Excellent written and verbal communication skills along with the ability to work independently.
- Strong analytical and problem-solving abilities.
- Strong project management and organization skills.
- Proficiency in Microsoft Office.
- Strong understanding of cybersecurity regulatory frameworks.

Preferred Qualifications:
- Familiarity with frameworks and standards such as ISO 27001, NIST CSF, PCI-DSS, etc.
- Familiarity with regulatory frameworks such as DPDP Act, RBI, SEBI, IRDAI, UIDAI, CERT-In, etc.
- Solid understanding of DPDP Act, 2023, including consent management, data processing, and data fiduciary obligations.

Certifications preferred:
- ISO 27001 LA, CISA, CISM, CIPM, or equivalently recognized certifications.

Experience:
- 4+ years of experience in GRC, compliance consulting, or information security risk management.
- Proven experience in developing and implementing security policies and procedures.
- Experience with risk management methodologies and tools.

Joining Tinycrows will provide you with the opportunity to be part of the core founding team and contribute to building security from the ground up. You will have close collaboration with founders and key stakeholders, ensuring that your work directly influences strategic decisions. Additionally, you will work in a fast-paced, agile environment where innovation and curiosity are encouraged. You will have end-to-end ownership of security assessments, tooling, and strategy, leading to a steep learning curve and exposure to a wide variety of technologies and attack surfaces. Tinycrows offers a collaborative team culture with support for skill-building and certifications, allowing you to expand your role and accelerate your career path.
