Description :

Role : GRC Consultant

Introduction :

We are looking for a detail-oriented and proactive GRC Consultant to join our team. The ideal candidate will have strong expertise in ISO 27001, information security policy creation, and implementation of Governance, Risk, and Compliance frameworks.

This role will be instrumental in developing and maintaining an organization-wide ISMS, ensuring regulatory compliance, managing audits, and strengthening risk and policy governance.

ISO 27001 Audits & ISMS Implementation :

- Lead internal audits and gap assessments for ISO 27001 compliance.

- Assist in planning, implementing, maintaining, and improving the Information Security Management System (ISMS) as per ISO 27001 standards.

- Maintain and update the Statement of Applicability (SoA) and Risk Treatment Plans.

- Identify non-conformities and drive corrective/preventive actions.

- Coordinate external ISO 27001 surveillance and certification audits.

Policy Development & Documentation :

- Create, review, and update policies and procedures to meet GRC and ISO 27001 standards.

- Ensure documentation reflects current compliance requirements and emerging risks.

- Map controls to policies and ensure alignment with audit and regulatory expectations.

GRC Framework Implementation & Management :

- Design and implement GRC frameworks aligned with international standards and regulatory requirements.

- Collaborate with senior leadership to define key risk indicators (KRIs), controls, and governance procedures.

- Maintain GRC registers, including asset inventory, risk register, and control mapping.

Risk Management :

- Conduct information security risk assessments using structured methodologies.

- Evaluate and prioritize risks based on likelihood and impact.

- Develop risk mitigation strategies and assist with control implementation and monitoring.

Audit & Compliance Reporting :

- Prepare comprehensive audit reports highlighting compliance status, gaps, and risk exposure.

- Track implementation of corrective actions post-audit and maintain audit trails.

- Assist in the preparation of audit plans, checklists, and evidence collection processes.

Stakeholder Engagement & Training :

- Collaborate with business functions, IT, external auditors, and vendors to ensure audit readiness and policy compliance.

- Conduct awareness programs and training sessions on ISO 27001, information security best practices, and GRC responsibilities.

- Promote a culture of compliance and continuous improvement across departments.

Continuous Monitoring & Improvement :

- Stay updated with changes in ISO standards, cybersecurity threats, and regulatory requirements.

- Recommend and implement improvements in policies, controls, and audit processes to maintain an effective GRC posture.

Key Skills & Qualifications :

Experience :

- 2 to 3 years in GRC, ISO 27001 implementation/audits, policy management, and ISMS operations.

Knowledge :

- In-depth understanding of ISO 27001, NIST, GDPR, and other information security and privacy standards.

- Strong grasp of risk management frameworks and internal control systems.

- Familiarity with GRC tools (e.g., RSA Archer, MetricStream) is an advantage.

Skills :

- Expert in writing and implementing security policies and procedures.

- Strong auditing, documentation, and risk assessment capabilities.

- Excellent analytical, communication, and project coordination skills.

Certifications :

- ISO 27001 Lead Auditor or Lead Implementer certification (preferred).

- Additional certifications such as CISA, CISM, CISSP, or GRCP are a plus.

Soft Skills :

- Self-motivated and accountable.

- Strong attention to detail and organizational skills.

- Ability to work cross-functionally and manage multiple priorities.

Why Join Us ?

- Competitive compensation package.

- Opportunity to lead ISO 27001 projects and policy frameworks

- Growth in the high-demand area of Governance and Information Security

- Collaborative work culture focused on compliance, innovation, and security excellence.