GRC Consultant

1. Position Overview:

We are seeking a motivated and skilled Information Security Risk Manager with a Bachelors or Masters degree in IT, ECE, Computer Science, or a related field and a strong background of 6-9 years of experience in information security risk management to join our team IMMEDIATELY.

The role demands an understanding of regulatory requirements (e.g. UAE Information Assurance) and industry standards (e.g. NIST Risk Management Framework (RMF), ISO 31000, ISO 27001) along with practical experience in information security and risk management.

Role Description:

• Conduct Information Security Governance Risk & Compliance (GRC) consulting projects for customers globally using various standards like PCIDSS, ISO 27001, NIST CSF, COBIT, etc., specializing in risk management.
• Define risk management methodology supported by a threat/vulnerability assessment in collaboration with key stakeholders within the organization.
• Define, document, implement, and refine information security management frameworks within client organizations. This includes information security strategy, policies, procedures, standards, guidelines, SOPs, forms, templates, etc.
• Conduct comprehensive risk assessments in close coordination with internal and external stakeholders.
• Assist in the implementation/maintenance of information security policies and procedures in compliance with governance, legal, contractual, or internal requirements.
• Provide expert guidance to customer Information Security and other departments.
• Conduct security risk assessments to enable informed decision-making by stakeholders while keeping business objectives paramount.
• Review security aspects of business cases, IT application/infrastructure changes, project proposals, requirements, solution designs, and system architectures.
• Create and promote security awareness campaigns and conduct information security awareness programs to enhance the information security knowledge of staff and management on the latest threats and vulnerabilities.
• Manage the assigned team, project management, and delivery management.
• Train the internal team on GRC & risk assessment.
• Participate in presales meetings with prospective customers and offer specialized GRC and risk management consulting services.
• Monitor and review information security compliance.
• Coordinate with the customer IT project management department, vendors, and consultants to build an effective security program.
• Lead annual planning, information security architecture, and governance reviews for customer organizations.

2. Key Responsibilities:

Risk Management:

1. Identify, assess, and prioritize information security risks across the organization.
2. Develop and maintain Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) to monitor and measure risk levels and the effectiveness of risk management efforts.
3. Recommend and track the implementation of risk mitigation strategies and controls.
4. Conduct frequent risk assessments and reviews to ensure the effectiveness of controls.
5. Monitor and report on the status of risk management activities and initiatives.
6. Recommend enhancements to risk assessment methodology.
7. Maintain the risk register within the GRC platform ensuring it is updated with high-quality, relevant content.

Governance:

1. Assist in enforcing information security policies, procedures, and standards.
2. Contribute to the maintenance of a governance framework for managing information security risks.

Collaboration:

1. Provide expertise and guidance on information security matters to key stakeholders, fostering strong working relationships across departments.
2. Serve as a liaison and advisor to customer IT project management, vendors, and consultants.

Continuous Improvement:

1. Stay informed on emerging trends, threats, and technologies in information security.
2. Recommend and implement improvements to the risk management framework, tools, and methodologies.

Compliance & Risk Assessments:

1. Conduct independent security risk assessments to support informed decision-making aligned with business objectives.
2. Review the security aspects of business cases, IT applications, infrastructure changes, project proposals, requirements, solution designs, and system architectures.
3. Conduct ISO 27001, PCIDSS, and other compliance assessments as needed, especially for banking information security audits.

Security Awareness:

1. Design and conduct innovative information security awareness programs to educate employees and management about current threats and security best practices.
2. Train and mentor the internal team and clients on GRC, risk assessment, and information security frameworks.

Project & Delivery Management:

1. Oversee project management and delivery for assigned teams, ensuring alignment with client requirements and quality standards.

Required Technical Skills:

Certifications:

• Required: CISSP, CISA, CISM, CRISC, CGEIT, GRCP, or GRCA.
• Good to have: ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, IAPP Certified CDPSE, CCSK, CCSP, CCAK, ISO 27701 privacy, ISO 20000, PCI QSA, ISO 22301.
• Framework Knowledge: Familiarity with GRC standards/frameworks such as ISO 27001, NIST CSF, COBIT, ITIL and regulatory requirements like UAE's NESA, RBI CSF, and SAMA CSF.

Experience:

• Familiarity with systems, database, network, and application security.
• Knowledge of risk assessment approaches, policy formation, and security protocols.
• Experience with information security architectures and security assessments.
• Detailed experience with ISO 27001/2, PCIDSS, GDPR, and other security frameworks.
• Experience in conducting risk assessments, especially in banking and finance.

Behavioural Skills:

• Strong analytical and strategic mindset in Cyber security governance.
• Skilled to work with minimal supervision.
• Excellent Presentation & Internal as well as External Customer Facing skills.
• Strong acumen to communicate complex ideas concisely and in a business context.
• Project Management skills and experience.
• Exceptional interpersonal relationship management and influencing skills.
• Ability to collaborate with a broad range of business and technology stakeholders, including top management representatives.
• Positive attitude, problem-solving skills, and attention to detail.
• Should be results-oriented and able to deliver within preset deadlines.
• Should value quality and client satisfaction.
• Should possess very good communication skills (strong written/spoken English language skills & presentation skills).

OTHER DETAILS:

• Candidate from Big 4 firm would be preferred.
• Candidate must have experience in or working with Global clients.
• Strong communication skills are required (it can be equal weightage for communication and technical skills/knowledge) and he/she should be capable of working with minimal supervision.
• This candidate will be on a project which requires the candidate to be at Bangalore and UAE locations alternatively (for the 1st year it will be 6 months Onsite in Abu Dhabi client location and 6 months in Bangalore office).
• Candidate will have to clear our internal interview process as well as the customer interview.
• Minimum 1 year commitment from the candidate is required as we will be committed to the customer as well accordingly.
• CISA/CISM/CISSP any 1 certificate is mandatory.
• Notice period: 10-15 days Maximum.
• CTC range upper cap of Rs. 35 lacs p.a.
• In addition to the CTC, the candidate will be paid a fixed per diem allowance as per company policy during the period of stay in Onsite Abu Dhabi location and we will provide accommodation and local travel to and from customer location to place of stay as well.