发布 Jan 23, 2024 165 查看
The Information Security & Compliance Consultant specializes in the area of IT Governance, Risk, Control and IT Security. The consultant will be part of the IT GRC team supporting the client across the world. Regardless of specialization, it is important to have an understanding and insight in all areas of IT Security.
The role GRC Consultant will carry out engagements related to risk management, policy compliance, security requirements and governance.
PRIMARY DUTIES & RESPONSIBILITIES:
• Develop and participate in the implementation of ISO 27001:2013 initiatives
• Implement and drive activities related to technology risk reduction, governance and compliance to policies and external regulatory compliance.
• Evaluate IT risks and develop risk mitigation strategies, and corrective actions.
• Provide recommendations to improve organizational security posture through process improvement, policy automation and continuous evolution of capabilities.
• Document and report on security gaps and provide remediation guidance, prepare management reports, track remediation activities.
• Conduct risk and exception assessments by assessing multiple inputs from internal/external sources
• Conduct due diligence assessments on third-party vendors using supply chain risk management practices.
• Implement effective processes within the GRC function to automate and continuously monitor information security controls, exceptions, risks reporting metrics, dashboards and evidence artifacts.
• Interviewing various stakeholders across the organization to determine security controls implementation and effectiveness by collecting and analyzing evidence and documenting findings and tracking to closure.
KEY SKILLS
• Ability to conduct risk assessments on IT systems.
• Deep Knowledge of risk assessment methodologies, cyber security operations and InfoSec business processes
• Experience of working on GRC technology enabled risk and compliance transformation programs required.
• Advanced proficiency in MS Office suite specifically Excel
• Knowledge of Security best practice, methodologies, systems and third-party providers
• Proficiency in the English language,
Mandatory Skills
- Hands-on experience in IT Security implementation & audit (such as ISO 27001)
- Knowledgeable about NIST, CIS guidelines, various other IT Security regulations & baseline control.
- Experience in information technology security is a strong requirement, and person should have experience in at least one or more technology at some time.
- Experience in SoX, Information Security, Data Privacy and PCI requirements
- Knowledge of Security and Compliance Testing IT Infrastructure, and exposure to any IT GRC tool such as Archer, Metric Stream etc. will be a plus.
- Preferred Certifications: ISO 27000 LA, CISA, CISSP
- Strong analytics & reporting skills with strong communication & presentation.
- Ability to work with all level of clients & internal resources
Optimal Solutions and Services LLC
Zohaib Ali
Marketing Manager
Digital Online Devices
Aqib Irshad
Head of HR, Training & OD
FINCA
Mona Sharif
Senior Team Lead
Konext PVT. LTD
Zubair Anjum
Business Excellence Specialist
Nestle Pakistan
Sehrish Azhar
Motivational Speaker & Blogger
Living Upbeat
Babar Ahmed Khan
Territory Sales Manager
Engro Foods
Usman Habib
Recruitment & Training Executive
ACS Synergy (Pvt) Ltd.
Muzammil Baig
Digital Marketing Manager
IT Services Group
Ayesha Shaukat
Social Media Marketing Manager
Ivoke
Ali Aziz
CEO
Shopistan
