We are currently seeking a driven and ambitious GRC Consultant to join our team within the Governance, Risk & Compliance (GRC) Services division. As part of our Advisory team, we specialize in assisting our clients within all sectors to enhance their security posture, internal controls, risk management, governance, and compliance practices . This role offers an exciting opportunity to collaborate with experienced professionals in the field and contribute to the improvement of our clients' operational excellence.

What you get to do:

Collaborate with the team to analyze the design of operational processes and controls, including the testing of control effectiveness. Identify ineffective controls within business processes as part of internal audit engagements.

Support the team in assessing the company's compliance against regulatory requirements.. Identify gaps and provide recommendations as part of compliance engagements.

Assist in analyzing the design of Enterprise Risk Management frameworks, including the testing of control effectiveness. Identify gaps and provide recommendations as part of risk management engagement.

The work will involve a variety of projects and challenges, including:

• Undertaking information security audits or assessments against industry standards and regulatory frameworks, such as ISO 27001/2, NIST CSF, SWIFT CSP, GDPR, DORA, etc.

• Providing consultancy on designing, reviewing and implementing information security policies, standards, and procedures, as well as digital operational resiliency plans.

• Conducting Cyber maturity assessments to identify gaps and provide adequate recommendations.

• Conducting security risk assessments and advising on risk treatment options.

• Providing general consultancy with respect to various information and cyber security domains, assisting clients in aligning with industry best practices.

• Delivering security-related training on different topics to a variety of audiences.

• Assisting in business development and generating new opportunities.

The ideal candidate would:

• Have around 3-5 years of experience in Information / Cyber security as a Consultant.

• Be competent in Information Security management, as well as the GRC aspects.

• Be willing to undergo training on tools, methods and technologies to broaden his/her expertise.

• Enjoy being face to face and a trusted security advisor. 

• Have strong presentation and report writing skills.

• Have strong time management skills, including flexibility to work with shifting priorities and client needs.

• Value and practice high standards of ethical behavior and professionalism.
• Authorized to work in the United States without sponsorship. 

Candidates are expected to aspire to obtain industry certifications, such as Security+, CISA, CISM, and CISSP, if not already obtained.

#LI-JC2