A technology company is seeking a candidate for the position of Information Security GRC (Governance, Risk and Compliance) Specialist. As a key member of the IT Advisory team, the Information Security GRC Specialist will be responsible for managing policy compliance, overseeing security requirements governance, and handling risk management activities. The ideal candidate will possess strong knowledge of risk management, security and privacy practices, along with excellent IT skills and communication skills, both written and verbal.
Position: Senior GRC Analyst
Location: Pakistan
Job Mode: Onsite, Lahore
Shift: US Central Time Zone
Compensation: Market Equivalent USD
Benefits: Standard (Market Equivalent)
Key Responsibilities:
- Develop and assist in implementing client initiatives aimed at reducing technology risks, ensuring governance, and achieving compliance with internal policies and external regulations.
- Assess risks and create security standards, procedures and controls to mitigate them. Enhance security posture through process improvements, policy updates, automation and continuous capability development.
- Implement processes to automate and monitor information security controls, exceptions, risks and testing activities on an ongoing basis.
- Create and maintain reporting metrics, dashboards and evidence artifacts.
- Evaluate both business and IT-related risks.
- Design IT security standards, procedures and controls to manage risks and improve client security posture via process enhancements, policy updates, automation and capability evolution.
- Analyze information security threats and their potential impact on the client's IT environment.
- Assist senior team members in analyzing client requirements, designing information security strategies, and ensuring compliance with legal, regulatory and industry-specific security frameworks.
- Contribute to the delivery of client workstreams related to compliance standards such as PCI DSS, ISO 27001, EU GDPR and incident management practices.
- Conduct assessments of internal and external information security risks and exceptions, including vulnerability management, patching status, secure baselines, penetration test results, phishing and social engineering tests.
- Document and report control failures and gaps, offering remediation guidance and preparing management reports to track remediation progress.
- Stay up to date on best practices and technological advancements, serving as a technical resource for security assessments and regulatory compliance matters.
- Perform other related duties as needed based on business requirements.
Qualifications and Skills:
- A minimum of 3 years of experience in IT Governance, Risk and Compliance.
- Familiarity with standards such as ISO 27001, PCI DSS, ITIL, ITSM and COBIT is preferred.
- Strong understanding of risk management principles and methodologies.
- Preferred certifications: CEH, CISSP, CISA or CISM.
- Ability to make sound, pragmatic decisions and judgments within tight deadlines.
- Strong interpersonal and influencing skills, with the ability to drive change collaboratively, both internally and externally.