GRC Specialist

5 years

0 Lacs

Posted: 2 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

We are looking for a detail-oriented and proactive GRC professional with hands-on experience in SOC 2 Type 1 and Type 2, NIST CSF, NIST SP 800-53, and ISO 27001 controls.

Job Responsibilities:

  • Lead and support the implementation, maintenance, and continuous improvement of information security compliance programs, specifically focusing on SOC 2 Type 1 and Type 2, NIST Cybersecurity Framework (CSF), NIST Special Publications (SP 800-53), and ISO 27001.
  • Develop, review, and update security policies, procedures, and guidelines to align with relevant compliance frameworks and regulatory requirements.
  • Conduct risk assessments and gap analyses against SOC 2, NIST, and ISO 27001 controls to identify areas for improvement and ensure audit readiness.
  • Prepare and compile documentation, evidence, and responses for audit requests efficiently and accurately.
  • Support the identification, assessment, and mitigation of information security risks in accordance with established risk management frameworks (e.g., NIST RMF).
  • Contribute to risk assessments and business impact analysis.
  • Maintain comprehensive documentation of security controls, compliance activities, and remediation plans.
  • Prepare regular reports on compliance status, key metrics, and areas of concern for management and stakeholders.
  • Perform comprehensive third-party risk assessments to evaluate vendor compliance with information security policies.
  • Develop and maintain TPRM processes to monitor and mitigate risks associated with external vendors.
  • Ensure effective communication and documentation of third-party risk assessments.
  • Assist in drafting and updating organizational policies and procedures for governance and compliance.

Requirements

Job Specifications:

1. Qualification:

  • Bachelor’s degree in Engineering or closely related coursework in technology development disciplines.
  • Certifications – Security+, CEH, ISO 27001 Lead Implementer/Lead Auditor, CISA, CISM (good to have, but not mandatory).

2. Experience:

  • Total Experience (1): 5-8 years
  • Total Experience (2): 2-4 years

Knowledge and Experience:

  • Demonstrable experience with the implementation and/or auditing of SOC 2 Type 1 and Type 2.
  • Solid understanding and practical experience with NIST Cybersecurity Framework (CSF) and NIST Special Publications (e.g., SP 800-53).
  • Knowledge of various security domains such as network security, application security, data privacy, and vulnerability management.
  • Strong understanding of information security principles and related compliance controls, and the ability to articulate the relevance of those controls.
  • Experience in delivery of information security risk and compliance advisory services.
  • Experience in management consulting and information security audits.
  • Experience with technology risk assessments.
  • Hands-on experience in GRC projects.
  • Proficient in preparation of reports, dashboards, and documentation.
  • Ability to research and develop new risk-based security offerings.
  • Comfortable working in a project-based / client-serving model.
