Our client is a pure-play information security consulting firm, founded in 2006, with global offices and presence in India, UAE, Oman, KSA and the USA. It specializes in Risk Assessment, GRC Consulting, Information Security Training and on-demand information security consulting. They are looking for a Senior GRC Consultant to help them manage their projects.
Job role: This role is split 50% audit and 50% implementation and development work. Experience in any one of the areas below will qualify the candidate for the M1 level (preference is given to audit experience).
- Leading and developing a practice line along with team
- Should have practice development and services design experience
- Should have leadership, ownership, team management and business engagement skills
1. Setting up Governance (aligned to standards)
- Gap Assessment
- Risk Assessment
- Documenting Strategy/Framework/Policy/Procedure/Standards/Guidelines/Templates/Checklists/Forms and the Implementation Roadmap across the Process/Technology/People environment within an organization
2. Implementing/Managing the setup (Governance)
- Assisting, consulting or advising on the implementation, or performing the implementation
- Managed services for running the GRC/ISMS program
- Running awareness campaigns
- Periodic review/improvement of GRC documentation
- Periodic risk assessments, etc.
3. Assessing/Auditing/Reviewing compliance of the established Governance/ISMS
- Developing audit/assessment frameworks as needed and developing audit programs
- Conducting compliance reviews against known/agreed frameworks
- Engaging with stakeholders to obtain data
- Conducting control effectiveness reviews
- GRC assessment (documentation review and implementation review, including requesting and reviewing evidence)
- Preparation of reports
- Preparing and delivering presentations of audit outcomes to stakeholders
1) Any one of the following certifications is mandatory: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, GRCA
2) Good-to-have certifications: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, IAPP certification, CDPSE, ISO 27701 (privacy), ISO 20000, CCSK, CCSP, CCAK, PCI QSA, ISO 22301
- GRC standards/framework knowledge (ISO 27001 mandatory):
ISO 9001, PCI DSS, NIST Cybersecurity Framework, COBIT, ITIL, NCA ECC, NESA (UAE), RBI CSF, SAMA CSF, HIPAA, SOC 2 (audit framework), ISO 22301 framework, CMMI (good to have)
1) Positive attitude, problem-solving skills and attention to detail
2) Should be results-oriented and able to deliver within preset deadlines
3) Should value quality and client satisfaction
4) Should possess very good communication skills (written/spoken English and presentation skills)
5) Ability to be analytical and strategic
6) Able to work with minimal supervision
7) Presentation and internal customer-facing skills
8) Ability to communicate complex ideas concisely and in a business context