The Information Security & Compliance Consultant specializes in the area of IT Governance, Risk, Control and IT Security. The consultant will be part of the IT GRC team supporting the client across the world. Regardless of specialization, it is important to have an understanding and insight in all areas of IT Security.
The role GRC Consultant will carry out engagements related to risk management, policy compliance, security requirements and governance.
PRIMARY DUTIES & RESPONSIBILITIES:
• Develop and participate in the implementation of ISO 27001:2013 initiatives
• Implement and drive activities related to technology risk reduction, governance and compliance to policies and external regulatory compliance.
• Evaluate IT risks and develop risk mitigation strategies, and corrective actions.
• Provide recommendations to improve organizational security posture through process improvement, policy automation and continuous evolution of capabilities.
• Document and report on security gaps and provide remediation guidance, prepare management reports, track remediation activities.
• Conduct risk and exception assessments by assessing multiple inputs from internal/external sources
• Conduct due diligence assessments on third-party vendors using supply chain risk management practices.
• Implement effective processes within the GRC function to automate and continuously monitor information security controls, exceptions, risks reporting metrics, dashboards and evidence artifacts.
• Interviewing various stakeholders across the organization to determine security controls implementation and effectiveness by collecting and analyzing evidence and documenting findings and tracking to closure.
KEY SKILLS
• Ability to conduct risk assessments on IT systems.
• Deep Knowledge of risk assessment methodologies, cyber security operations and InfoSec business processes
• Experience of working on GRC technology enabled risk and compliance transformation programs required.
• Advanced proficiency in MS Office suite specifically Excel
• Knowledge of Security best practice, methodologies, systems and third-party providers
• Proficiency in the English language,
Mandatory Skills