We are looking for a GRC (Governance, Risk & Compliance) Consultant with CISA certification to support and strengthen our information security, IT governance, risk management, and compliance frameworks. The role involves working closely with business and IT stakeholders to ensure regulatory compliance, risk mitigation, and robust control environments.
Key Responsibilities
- Design, implement, and maintain GRC frameworks aligned with industry standards.
- Perform IT audits, risk assessments, and control evaluations.
Ensure compliance with standards and regulations such as:
- ISO 27001
- SOX
- GDPR
- RBI / SEBI / IRDAI (as applicable)
- Conduct IT General Controls (ITGC) and application control reviews.
- Identify gaps, assess risks, and recommend remediation plans.
- Support internal and external audits and coordinate with auditors.
- Develop and maintain policies, procedures, and risk registers.
- Assist in vendor risk assessments and third-party audits.
- Prepare audit reports, dashboards, and compliance documentation for management.
- Conduct awareness sessions on risk, compliance, and security best practices.
Requirements
Required Skills & Qualifications
- CISA Certification (Mandatory)
- Bachelor's degree in IT, Computer Science, Information Systems, or related field.
- 4–8 years of experience in GRC, IT Audit, Risk & Compliance.
Strong Understanding Of
- Risk management methodologies
- Information security controls
- Experience with audit tools, GRC platforms, or risk management tools is a plus.
- Strong analytical, documentation, and stakeholder management skills.
