2 - 3 years

0 Lacs

Posted: 8 hours ago | Platform: SimplyHired

Work Mode

On-site

Job Description

Experience Required: 2-3 years

Location: Andheri, Mumbai

Department: Risk Advisory / Information Security / Cybersecurity

Role Summary:

We are seeking a GRC Consultant (Junior) with 2-3 years of experience to support clients in building and enhancing their Governance, Risk, and Compliance (GRC) frameworks. The ideal candidate will work with senior consultants to assist in the execution of risk assessments, compliance audits, policy reviews, and control implementations across various industries.

Key Responsibilities:

1. Governance & Compliance:
  • Assist in drafting and reviewing IT and information security policies, procedures, and standards.
  • Support gap assessments against frameworks such as ISO 27001, SOC 2, GDPR, and PCI-DSS.
  • Coordinate audit preparation and evidence collection with client teams.
  • Work on the maintenance and continual improvement of Information Security Management Systems (ISMS).
2. Risk Management:
  • Participate in IT and cybersecurity risk assessments and update risk registers.
  • Support in identifying risks, recommending mitigation actions, and tracking closure.
  • Assist in preparing risk analysis reports and presenting key findings.
3. Client Engagement Support:
  • Collaborate with client teams to gather required information and documents.
  • Assist senior team members in delivering client reports, presentations, and project documentation.
  • Participate in internal and external audit support for compliance assessments.
4. GRC Tools & Technologies (Preferred):
  • Exposure to GRC platforms/tools like Archer, ServiceNow GRC, MetricStream, or equivalents.
  • Familiarity with tools used in risk assessments and compliance tracking.

Required Skills & Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related fields.
  • 2-3 years of experience in GRC, Information Security, IT Compliance, or Risk Management roles.
  • Basic to intermediate knowledge of ISO 27001, SOC 2, NIST CSF, or similar frameworks.
  • Good understanding of risk assessment methodologies and compliance processes.
  • Strong communication, report-writing, and documentation skills.
  • Proficiency in MS Office (Excel, Word, PowerPoint).

Preferred Certifications:

  • ISO 27001 Lead Auditor (Mandatory)
  • CISA (Certified Information Systems Auditor) (optional)
  • CRISC (Certified in Risk and Information Systems Control) (optional)
  • ITIL Foundation (for process understanding)
