Cyber Security Consultant - GRC Tools

Description :

- Conduct regular internal assessments and risk evaluations to identify, evaluate, and mitigate risks related to information security and business operations.

- Recommend actions and improvements to enhance IT governance maturity using frameworks like ISO 27001, NIST, and TISAX.

- Ensure compliance with information security policies, procedures, and standards across the organization.

- Perform ongoing checks and Key Risk Indicator (KRI) monitoring on security tools and systems.

- Monitor and manage security-related nonconformities, ensuring timely corrective actions are

tracked and resolved.

- Conduct risk assessments to identify, evaluate, and prioritize risks and work with relevant

teams to implement risk mitigation actions.

- Prepare documentation and coordinate audit activities to support external audits, ensuring

compliance with cybersecurity policies and standards.

- Collaborate with IT, legal, and other business stakeholders to integrate information security

risk management into business processes.

- Contribute to the creation and refinement of information security policies, procedures, and

guidelines.

- Assist in delivering training programs to raise awareness of security best practices within the

organization.

- Maintain comprehensive and accurate documentation of risk assessments, compliance

activities, audits, and incident reports.

- Ensure transparency and effective communication of information security activities to senior

leadership and regulatory bodies.

Required Qualifications :

- Bachelors degree in Information Security, Cybersecurity, IT, or a related field.

- Professional certifications such as CISSP, CISM, CISA, ISO 27001, or NIST (preferred).

- Proven experience with risk assessments, internal audits, and IT governance frameworks (ISO

27001, NIST, TISAX).

- Strong understanding of information security principles, including risk management and

compliance.

- Experience with security tools and technologies, including KRI monitoring.

- Excellent written and verbal communication skills.

- Ability to work cross-functionally with various teams and stakeholders to align on security

goals.

- Strong attention to detail and organizational skills.