GRC Professional

Key Responsibilities:

• Serve as a

  subject matter expert

  on information and cybersecurity governance, risk, and compliance (GRC) services and solutions.
• Execute security assessments of on-premise/cloud IT environments aligned with business objectives and regulatory requirements.
  
• Conduct testing and validation of IT security controls, documenting findings and preparing detailed reports.
  
• Manage and perform

  internal audits

  as per the

  CISO’s directives

  , contributing to risk posture improvements and present the metrics to the CISO on a regular basis.
• Apply knowledge of the

  Digital Personal Data Protection Act, 2023

  , and other global data protection laws.
• Utilize and manage GRC tools and platforms.
  
• Conduct security control assessments for web/mobile applications and enterprise systems.
  
• Drive third-party risk management and support client-facing initiatives.
  
• Deliver complex GRC projects in dynamic, fast-paced environments.
  
• Engage in knowledge-sharing forums to strengthen team capabilities.
  
• Continuously enhance the cybersecurity strategy based on evolving threats and technologies.
  

Job Requirements:

1. Qualifications:

• Bachelor’s degree in Engineering or a related technology discipline.
  
• 
  

• Mandatory Certification

  :
• Must possess

  CISA

  or

  ISO 27001 Lead Auditor

  certification.
• Additional certifications preferred:
  
• ISO 27001 Lead Implementer
  
• CISSP, CIPP, CCSK, or CCSP
  
• Public Cloud certifications (AWS, Azure, GCP)
  

2. Experience:

• 6 to 10 years

  of total experience with proven exposure to both

  IT and GRC functions

  .
• Experience in internal audits, consulting, and cybersecurity risk advisory.
  

3. Desired Skills:

• Deep understanding of information security principles and compliance frameworks.
  
• Strong understanding of the IT topology and application development principles
  
• Hands-on experience with security tools (e.g., vulnerability scanners, code review platforms).
  
• Strong exposure to IT/cybersecurity standards: ISO 27001/27005, NIST CSF, PCI DSS, SOC 1/2, GDPR, COBIT.
  
• Excellent communication skills, documentation abilities, and stakeholder engagement.
  
• Experience in program and project management within cybersecurity initiatives.
  

4. Personal Attributes

• Self-starter with strong problem-solving skills.
  
• Highly motivated and able to work with minimal supervision.
  
• Strong prioritizations and multitasking abilities under pressure.