

DUTIES AND RESPONSIBILITIES
1. Lead and execute the enterprise Governance, Risk, and Compliance (GRC) program aligned with ISO 27001 (ISMS), ISO 22301 (BCMS), and ISO 20000 (ITSM).
2. Serve as the primary internal GRC and compliance point of contact for HMEL and coordinate with external auditors, consultants, and regulators.
3. Drive ISMS lifecycle activities including scope definition, risk assessment, Statement of Applicability, control implementation, and continuous monitoring.
4. Establish and maintain an integrated cyber resilience and business continuity framework, ensuring alignment between security, disaster recovery, and operational continuity.
5. Lead Business Impact Analysis (BIA), risk assessments, BC/DR strategy, and testing exercises to ensure recovery readiness.
6. Govern and enhance IT Service Management processes in alignment with ISO 20000 and ITIL best practices, including incident, problem, change, and service-level management.
7. Conduct enterprise risk assessments, maintain the risk register, and track remediation through defined KRIs, KPIs, and risk treatment plans.
8. Develop, review, and maintain information security, business continuity, and ITSM policies, standards, and procedures.
9. Plan and execute internal audits, control assessments, and compliance reviews across IT, cloud, OT (if applicable), and business functions.
10. Coordinate external certification and surveillance audits for ISO 27001, 22301, and 20000, including evidence readiness and closure of non-conformities.
11. Ensure alignment with regulatory and contractual compliance obligations, including privacy and data protection requirements where applicable.
12. Deliver executive dashboards, compliance scorecards, and governance reports with metrics for IT and cyber security to senior leadership and risk committees.
13. Facilitate security and continuity awareness programs, tabletop exercises, and stakeholder training.
14. Conduct established third-party risk management and supplier assurance audits aligned with ISO and enterprise risk frameworks.
15. Drive continuous improvement initiatives to enhance compliance maturity, cyber resilience, and service governance effectiveness.
16. Support technology and transformation programs with risk reviews, control design, and compliance validation prior to production deployment.
17. Participate in cyber maturity assessments (ISO maturity, NIST CSF alignment, resilience benchmarking) and drive closure of identified gaps.
18. Ensure documentation, evidence repositories, and audit trails are maintained for sustained certification readiness.
19. Collaborate with SOC, infrastructure, cloud, privacy, and business teams to ensure holistic risk and resilience governance.
20. Manage GRC-related projects, remediation programs, and control automation initiatives to improve efficiency and assurance.
21. Prepare and present Weekly Status Reports with KPIs and KRIs (every week). Sections to include: progress vs roadmap; risks and issues; compliance posture snapshot; metrics (KRIs/KPIs, closure %); decisions required; plan for next week.
22. Conduct extensive internal audits at process level for ISMS, BCMS and ITSM, present the audit report and drive closure of the gaps.
23. Drive BC/DR exercises, review reports and execute improvements for the IT landscape.
24. Review and update all the required policy and process documents (existing/new) required for ISMS, BCMS and ITSM, aligned to the HMEL environment.
25. Conduct monthly assurance reviews for major managed services (IT Infra, IT-Apps and SOC).
26. Execute/conduct monthly Quality reviews, Risk reviews and weekly VA reviews and drive closure.
27. Conduct risk assessments for all the IT assets as per ISMS, BCMS and ITSM standards.
28. Conduct BIA and identify crown jewel assets for HMEL. Define security and resiliency for the crown jewels.
29. Review, maintain and track the security exceptions (business need, technology limitations or policy exceptions) on a monthly basis.
30. Review all new and upcoming projects and solutions in HMEL from a cyber security secure-by-design and compliance point of view; provide cyber clearance; document the final approved solution and any risk or exception identified; and ensure the agreed controls are implemented in the solution during and after deployment and production go-live.
31. Experience or knowledge in SAP GRC and auditing.
QUALIFICATIONS & EXPERIENCE:
Qualifications:
The candidate must be a graduate engineer in Engineering, Computer Science, Information Security, or a related field.
Relevant information security and governance certifications (e.g., CEH, CISSP, CISM, CCSK, ISO 27001/22301/20000 LA/LI, ITIL etc.) preferred.
Experience:
8-10 years of experience in GRC, Information Security, Risk, Compliance, or IT governance roles. Hands-on experience implementing or managing ISO 27001, ISO 22301, and ISO 20000 programs and audits.
Strong understanding of enterprise risk management, control frameworks, and cyber resilience principles.
Experience conducting risk assessments, BIA, DR testing, intensive internal audits, and remediation management.
Familiarity with global frameworks such as NIST CSF, CIS Controls, COBIT, and ISO standards.
Working knowledge of cloud, infrastructure, application, and OT risk considerations for control implementation and audit.
Experience with GRC tools, compliance dashboards, and audit evidence management.
Ability to operate in fast-paced environments, managing multiple compliance and audit timelines.
Strong stakeholder management, governance reporting, and communication skills.
Understanding of IT Service Management aligned to ISO 20000 / ITIL.
Excellent communication skills, with the ability to collaborate effectively across departments and levels of the organization.
Job ID: 145103537