Senior Consultant (GRC)

Job Summary

We are looking for competent and committed professionals of high integrity to join our winning team. A Consultant is responsible for providing industry expertise to corporations and individuals.

Their duties include researching their client and their client’s position within an industry, meeting with company executives or professionals to make suggestions and develop improvement plans based on their needs and maintaining a professional relationship with their clients over time.

Responsibilities

Develop and implement a system-wide risk management function of the information security program to ensure information security risks are identified and monitored.

Internally assess, evaluate, and make recommendations to management regarding the adequacy of the security controls for information and technology systems.

Lead the system-wide information security compliance program, ensuring IT activities, processes, and procedures meet defined requirements, policies, and regulations.

Develop and implement effective and reasonable policies and practices to secure protected and sensitive data and ensure information security and compliance with relevant legislation and legal interpretation.

Execute strategy for dealing with increasing number of audits, compliance checks and external assessment processes for internal/external auditors

Be a key part of GRC projects, end to end from consulting to implementation

Apply GRC fundamentals incorporated in various processes.

Understands and document information systems and processes correctly.

Engage with clients to understand relevant solutions and advise them

Understands information security controls and how they relate to engagement requirements

Raise awareness for clients and internal team.

Education / Certifications

Bachelor’s Degree in an IT-related discipline.

Experience: 5-7 years of experience in an information systems environment, with strong knowledge of IT Governance and Systems Information Security.

Working knowledge of frameworks standards and regulations, including PCI, ISO 27001/22301/20000, NIST CSF, GDPR, COBIT, TOGAF.

Experience in conducting VAPT would an advantage.

Possession of ISO 27001/22301/20000, COBIT 2019, CISA, CISM, CISSP

Possession of a master’s degree and/or PMP, PRINCE2 would be an advantage

Key Skills & Competencies:

The ideal candidate would be agile, ability to perform duties independently under general, minimal supervision within specific assignments.

Ability to develop and maintain internal error logs and provide support.

Proficiency in providing efficient web-portal support.

Ability to ensure optimal system functionality by monitoring performance metrics.

Advanced knowledge of data protection and software encryption.

Industries:Human Resources

Function: Others