GRC Consultant
GRC Consultant
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
1-3years
500000 - 800000
1 Vacancy
Job Description
GRC Strategy and Planning:
Develop and implement comprehensive GRC strategies policies and procedures aligned with organizational goals and objectives.
Define and prioritize GRC initiatives based on risk assessments regulatory requirements and industry best practices.
Continuously evaluate and update GRC frameworks to adapt to evolving threats and compliance landscapes.
Risk Management:
Conduct risk assessments to identify analyze and prioritize risks across the organization.
Develop risk mitigation strategies and controls to address identified risks effectively.
Monitor and report on risk exposure and mitigation efforts to senior management and stakeholders.
Compliance Management:
Ensure compliance with relevant laws regulations and industry standards such as GDPR HIPAA PCI DSS etc.
Monitor changes in regulatory requirements (SEBI RBI IRDAI etc) and assess their impact on the organizations compliance posture.
Coordinate compliance audits assessments and certifications and remediate any identified issues or deficiencies.
Audit Management:
Plan coordinate and oversee internal and external audit activities including IT audits compliance audits and thirdparty audits.
Develop audit plans programs and testing procedures to assess the effectiveness of controls and compliance with policies and regulations.
Review audit findings assess control deficiencies and collaborate with stakeholders to develop and implement remediation plans.
Monitor and track the progress of audit remediation efforts and report on the status to senior management and audit committees.
Policy Development and Enforcement:
Develop review and update information security policies standards and guidelines in alignment with regulatory requirements and industry best practices.
Establish mechanisms for policy enforcement and monitor adherence to policies across the organization.
CrossFunctional Collaboration:
Collaborate with internal stakeholders including IT legal finance and operations to integrate GRC principles into business processes and initiatives.
Provide guidance and support to business units on GRCrelated matters including risk assessments compliance requirements and controls implementation.
Training and Awareness:
Develop and deliver GRC training programs and awareness campaigns to educate employees on their roles and responsibilities in maintaining compliance and managing risks.
Foster a culture of compliance and risk awareness throughout the organization.
Requirements
Qualifications and Skills:
Bachelors degree in Information Security Risk Management Business Administration or related field. Masters degree or relevant certifications (e.g. CISA CISSP CRISC CISM) preferred.
Minimum of 5 years of experience in governance risk and compliance roles with a focus on information security and IT risk management including audit management experience.
Strong understanding of regulatory requirements and industry standards related to information security and data privacy (e.g. GDPR HIPAA ISO 27001).
Proficiency in audit methodologies risk assessment frameworks compliance frameworks and control frameworks (e.g. NIST Cybersecurity Framework COBIT ITIL).
Excellent analytical problemsolving and decisionmaking skills.
Effective communication and interpersonal skills with the ability to collaborate with diverse stakeholders and influence change.
Proven track record of leading GRC initiatives conducting audits and driving process improvements.
Ability to work independently and manage multiple priorities in a fastpaced environment.
Qualifications and Skills: Bachelor's degree in Information Security, Risk Management, Business Administration, or related field. Masters degree or relevant certifications (e.g., CISA, CISSP, CRISC, CISM) preferred. Minimum of 5 years of experience in governance, risk, and compliance roles, with a focus on information security and IT risk management, including audit management experience. Strong understanding of regulatory requirements and industry standards related to information security and data privacy (e.g., GDPR, HIPAA, ISO 27001). Proficiency in audit methodologies, risk assessment frameworks, compliance frameworks, and control frameworks (e.g., NIST Cybersecurity Framework, COBIT, ITIL). Excellent analytical, problem-solving, and decision-making skills. Effective communication and interpersonal skills, with the ability to collaborate with diverse stakeholders and influence change. Proven track record of leading GRC initiatives, conducting audits, and driving process improvements. Ability to work independently and manage multiple priorities in a fast-paced environment.
Employment Type
Full Time
