GRC Consultant

Job Location

Al Ain - UAE

Yearly Salary

Rs 3,000,000 - 3,500,000

Vacancy

1 Vacancy

Job Description

1. Position Overview:

We are seeking a motivated and skilled Information Security Risk Manager with a Bachelor's or Master's degree in IT, ECE, Computer Science or a related field and a strong background of 6-9 years' experience in information security risk management to join our team IMMEDIATELY.

The role demands an understanding of regulatory requirements (e.g. UAE Information Assurance) and industry standards (e.g. NIST Risk Management Framework (RMF), ISO 31000, ISO 27001), along with practical experience in information security and risk management.

Role Description:

  • Conduct Information Security Governance, Risk & Compliance (GRC) consulting projects for customers globally using various standards such as PCI DSS, ISO 27001, NIST CSF, COBIT, etc., specializing in risk management.
  • Define a risk management methodology, supported by a threat/vulnerability assessment, in collaboration with key stakeholders within the organization.
  • Define, document, implement and refine information security management frameworks within client organizations. This includes information security strategy, policies, procedures, standards, guidelines, SOPs, forms, templates, etc.
  • Conduct comprehensive risk assessments in close coordination with internal and external stakeholders.
  • Assist in the implementation and maintenance of information security policies and procedures in compliance with governance, legal, contractual or internal requirements.
  • Provide expert guidance to customer Information Security and other departments.
  • Conduct security risk assessments to enable informed decision-making by stakeholders while keeping business objectives paramount.
  • Review the security aspects of business cases, IT application/infrastructure changes, project proposals, requirements, solution designs and system architectures.
  • Create and promote security awareness campaigns and conduct information security awareness programs to enhance the information security knowledge of staff and management on the latest threats and vulnerabilities.
  • Manage the assigned team, including project management and delivery management.
  • Train the internal team on GRC and risk assessment.
  • Participate in presales meetings with prospective customers and offer specialized GRC and risk management consulting services.
  • Monitor and review information security compliance.
  • Coordinate with the customer's IT, project management department, vendors and consultants to build an effective security program.
  • Lead annual planning, information security architecture and governance reviews for customer organizations.

2. Key Responsibilities:

Risk Management:

1. Identify, assess and prioritize information security risks across the organization.

2. Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor and measure risk levels and the effectiveness of risk management efforts.

3. Recommend and track the implementation of risk mitigation strategies and controls.

4. Conduct frequent risk assessments and reviews to ensure the effectiveness of controls.

5. Monitor and report on the status of risk management activities and initiatives.

6. Recommend enhancements to risk assessment methodology.

7. Maintain the risk register within the GRC platform, ensuring it is updated with high-quality, relevant content.

Governance:

1. Assist in enforcing information security policies, procedures and standards.

2. Contribute to the maintenance of a governance framework for managing information security risks.

Collaboration:

1. Provide expertise and guidance on information security matters to key stakeholders, fostering strong working relationships across departments.

2. Serve as a liaison and advisor to customer IT, project management, vendors and consultants.

Continuous Improvement:

1. Stay informed on emerging trends, threats and technologies in information security.

2. Recommend and implement improvements to the risk management framework, tools and methodologies.

Compliance & Risk Assessments:

1. Conduct independent security risk assessments to support informed decision-making aligned with business objectives.

2. Review the security aspects of business cases, IT applications, infrastructure changes, project proposals, requirements, solution designs and system architectures.

3. Conduct ISO 27001, PCI DSS and other compliance assessments as needed, especially for banking information security audits.

Security Awareness:

1. Design and conduct innovative information security awareness programs to educate employees and management about current threats and security best practices.

2. Train and mentor the internal team and clients on GRC, risk assessment and information security frameworks.

Project & Delivery Management:

1. Oversee project management and delivery for assigned teams, ensuring alignment with client requirements and quality standards.

Required Technical Skills:

Certifications:

  • Required: CISSP, CISA, CISM, CRISC, CGEIT, GRCP or GRCA.
  • Good to have: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, IAPP Certified, CDPSE, CCSK, CCSP, CCAK, ISO 27701 (privacy), ISO 20000, PCI QSA, ISO 22301.
  • Framework Knowledge: Familiarity with GRC standards/frameworks such as ISO 27001, NIST CSF, COBIT, ITIL and regulatory requirements like UAE's NESA, RBI CSF and SAMA CSF.

Experience:

  • Familiarity with systems, database, network and application security.
  • Knowledge of risk assessment approaches, policy formation and security protocols.
  • Experience with information security architectures and security assessments.
  • Detailed experience with ISO 27001/27002, PCI DSS, GDPR and other security frameworks.
  • Experience in conducting risk assessments, especially in banking and finance.

Behavioural Skills:

a) Strong analytical and strategic mindset in Cyber security governance.

b) Able to work with minimal supervision.

c) Excellent Presentation & Internal as well as External Customer Facing skills.

d) Strong acumen to communicate complex ideas concisely and in a business context.

e) Project Management skills and experience.

f) Exceptional interpersonal relationship management and influencing skills.

g) Ability to collaborate with a broad range of business and technology stakeholders including top management representatives.

h) Positive attitude, problem-solving skills and attention to detail.

i) Should be results-oriented and able to deliver within preset deadlines.

j) Should value quality and client satisfaction.

k) Should possess very good communication skills (strong written/spoken English language skills & presentation skills).

OTHER DETAILS :

  1. Candidates from a Big 4 firm would be preferred.
  2. Candidate must have experience in or working with global clients.
  3. Strong communication skills are required (communication and technical skills/knowledge carry equal weightage) and he/she should be capable of working with minimal supervision.
  4. This candidate will be on a project which requires the candidate to be at the Bangalore and UAE locations alternately (for the 1st year it will be 6 months onsite at the Abu Dhabi client location and 6 months in the Bangalore office).
  5. Candidate will have to clear our internal interview process as well as the customer interview.
  6. A minimum 1-year commitment from the candidate is required, as we will be committed to the customer accordingly.
  7. CISA/CISM/CISSP: any one certificate is mandatory.
  8. Notice period: 10-15 days maximum.

  1. CTC range: upper cap of Rs. 35 lacs p.a.
  2. In addition to the CTC, the candidate will be paid a fixed per diem allowance as per company policy during the period of stay at the onsite Abu Dhabi location. We will also provide accommodation and local travel between the customer location and the place of stay.
  3. The candidate will be on a project which requires them to be at the Bangalore and UAE locations alternately (for the 1st year it will be 6 months onsite at the Abu Dhabi client location and 6 months in the Bangalore office).

Employment Type

Full Time
