IRAP - GRC Consultant

Key Responsibilities

IRAP & ISM Assessments

• Conduct IRAP-aligned gap assessments based on Australian Government ISM controls.
• Support internal readiness assessments to determine control maturity and compliance gaps.
• Perform evidence review, documentation mapping, control validation, and control testing.
• Prepare deliverables including gap reports, risk summaries, control testing sheets, and compliance reports.

GRC & Security Assessments

• Conduct assessments across policy, process, and technical control domains.
• Evaluate the design & effectiveness of information security controls.
• Document security risks, observations, and improvement areas.
• Develop risk treatment plans and remediation roadmaps.
• Recommend practical remediation actions aligned with IRAP and ISM expectations.

Client & Stakeholder Coordination

• Support clients in implementing process, documentation, and control enhancements.
• Track remediation status and maintain compliance dashboards.
• Prepare clear reports, presentations, and client communication materials.
• Adhere to Grant Thornton methodologies and ensure timely, high-quality delivery.

Engagement Management & Team Leadership

• Guide and mentor Consultants during assessments.
• Review deliverables prepared by junior team members.
• Manage work allocation, timelines, and day-to-day coordination for smaller engagements.

Expected Profile

Education

• Bachelors degree in Engineering, Computer Science, IT, or related field.
• MBA/PGDM is a plus.

Experience

• 3-6 years of experience in Cybersecurity, GRC, or Cyber Risk Advisory.
• Hands-on experience with gap assessments, internal assessments, and control testing.
• Prior experience in consulting or client-facing roles is preferred.
• Knowledge of IRAP and Australian ISM is preferred (foundational understanding acceptable).

Framework Knowledge

• ISO 27001 / ISO 27701
• NIST CSF
• SOC 2
• Australian ISM & IRAP (preferred)

Certifications (Preferred, Not Mandatory)

• CISA, CISM, ISO 27001 LA/LI, CRISC, CCSP, etc.

Skill Set Required

• Strong understanding of GRC frameworks and cyber security standards.
• Experience conducting gap assessments, internal control reviews, and compliance assessments.
• Excellent communication, stakeholder management, and documentation skills.
• Ability to guide junior team members and manage small workstreams.
• Strong analytical and problem-solving skills with practical interpretation of security requirements.

Grant Thornton – Company Overview

audit, tax, advisory, and consulting

Grant Thornton Bharat LLP

Key Highlights:

• Global network with strong cross-border capabilities.
• Expertise across multiple industries including BFSI, manufacturing, technology, and retail.
• Focus on 

  risk, compliance, digital transformation, and growth advisory

  .
• Offices in 

  major Indian cities

  , including Delhi NCR, Mumbai, Bengaluru, and Chennai.