Job Title: GRC Consultant
Job Function: Managing GRC Projects
Job Location: Bengaluru (Should be willing to travel within and outside India)
1) Support local, regional, and global business initiatives
2) Managing the portfolio of Information Security Governance, Risk & Compliance (GRC) consulting for clients across the globe, covering standards such as PCI DSS, ISO 27001, COBIT and NIST, and including but not limited to Data Privacy, IT Governance, IT Risk Management, Application Security Governance and Business Continuity Management.
3) Defining a Security Strategy, supported by a threat assessment in collaboration with key stakeholders in the organization
4) Implementing or refining security governance, including decision-making mechanisms, security policies and norms or security management processes and procedures
5) Executing risk assessments with close coordination with the internal and external stakeholders
6) Assisting in implementation/maintenance of information security policies and procedures in compliance to legal, contractual or internal requirements
7) Defining or testing crisis management, business continuity or disaster recovery planning
8) Increasing the information security awareness of staff and management on threats and vulnerabilities through innovative ideas and initiatives
9) Managing the assigned team, project management & delivery management
10) Training the internal team on GRC & Risk Assessment
11) Meeting prospective customers
Required Skills & Expertise:
1) 6+ Years of core experience in GRC consulting including but not limited to the areas of – Information Security Governance, Business Continuity Management, Risk Assessment, creating customized Risk Assessment framework, Information Security Incident Management.
2) A Bachelor's or a Master's degree. The degree does not have to be in IT or technology, though you should have some affinity with technology.
3) Should have conducted ISO 27001 gap assessments, PCI DSS gap assessments & other regulatory audits
4) Should have exposure to banking audits
5) Should be able to work in a diverse team and should be able to adapt to various challenging customer environments
6) Should be results-oriented and able to deliver within preset deadlines.
7) Should treat quality and client satisfaction as a minimum standard.
8) Should possess very good communication skills (written/spoken English & presentation skill)
9) Should be well versed with at least ISO 27001 & PCI-DSS
10) Should have strong experience in conducting risk management and must have knowledge of various risk assessment methodologies
11) Should have the capability to provide on-demand solutions pertaining to Governance & Risk Assessment
1) Relevant professional certifications such as CISSP, CISA, CISM, ITIL, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, etc.
2) Desirable to have working knowledge of Vulnerability Assessment, Network Penetration Testing & Application Security Testing
3) Ability to work autonomously while also contributing as part of a team