Our client is a pure-play information security consulting firm that started in 2006 with global offices & presence in India, UAE, Oman, KSA & USA. It specializes in Risk Assessment, GRC Consulting, Information Security Training and on-demand information security consulting. They are looking for a GRC consultant to help them manage their projects.
1) Conducting Information Security Governance, Risk & Compliance (GRC) consulting projects for customers across the globe using various standards such as PCI-DSS, ISO 27001, NIST CSF, COBIT, etc.
2) Defining the risk management methodology supported by a threat-vulnerability assessment in collaboration with key stakeholders within the organization
3) Defining, documenting, implementing and refining information security management frameworks within client organizations. The documentation may include information security strategy, IS policies, procedures, standards, SOPs, forms, templates, etc.
4) Conducting comprehensive risk assessments in close coordination with internal and external stakeholders
5) Assisting in the implementation/maintenance of information security policies and procedures in compliance with governance, legal, contractual or internal requirements
6) Conducting information security awareness programs with the objective of increasing the awareness of staff and management of the latest information security threats and vulnerabilities, through innovative ideas and initiatives
7) Managing the assigned team, project management & delivery management
8) Training the internal team on GRC & Risk Assessment
9) Meeting prospective customers on presales meetings and/or specialized GRC and risk management consulting services
Note: Job Location – Bengaluru (Consultant should be willing to travel within and outside India)
Required Skills & Expertise:
1) 3-7 years of core experience in GRC consulting, including but not limited to the areas of Information Security Governance, Business Continuity Management, Risk Management, Information Security Incident Management, etc.
2) A Bachelor's or Master's degree in IT, ECE or Computer Science.
3) Should have conducted ISO 27001 gap assessments, PCI DSS gap assessments & other gap assessments against information security regulatory/statutory/compliance requirements
4) Should have exposure to conducting banking Information Security audits
5) Should be able to work in a diverse team and should be able to adapt to various challenging customer environments
6) Should be results-oriented and able to deliver within preset deadlines.
7) Should value quality and client-satisfaction
8) Should possess very good communication skills (written/spoken English & presentation skill)
9) Should be well versed with at least ISO 27001 & PCI-DSS
10) Should have strong experience in conducting risk management and knowledge of various risk assessment methodologies
11) Should have the capability to provide on-demand solutions pertaining to Governance & Risk management
Desirable Skills & Expertise:
1) Relevant professional certifications such as CISSP, CISA, CISM, ITIL, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, etc.
2) Desirable to have a working knowledge of Vulnerability Assessment, Network Penetration Testing & Application Security Testing
3) Ability to operate autonomously while also working effectively as part of a team