Grc Consultant

We are seeking a highly motivated and skilled GRC Consultant to join our team. The ideal candidate will have a strong background in Governance, Risk, and Compliance (GRC), with hands-on experience in ISO 27001 audits, and ISMS (Information Security Management System) implementation. This role involves supporting the development, implementation, and monitoring of GRC frameworks, performing risk assessments, ensuring regulatory compliance, and improving overall governance processes within the organization.

Key Responsibilities:

-GRC Framework Implementation & Management:
Develop, implement, and manage GRC frameworks aligned with industry standards and regulatory requirements.

- ISO 27001 & SEBI CSRF Compliance:

Conduct internal ISO 27001 audits, assess the effectiveness of ISMS, and ensure adherence to SEBI Cybersecurity & Cyber Resilience Framework (CSRF) requirements. Support implementation, periodic compliance checks, and continuous improvement to meet regulatory standards.

-Risk Management:
Perform risk assessments to identify and prioritize risks, advising on mitigation strategies and ensuring proper implementation of controls.

-Policy & Documentation:
Review and create security policies, procedures, and documentation to align with GRC frameworks, ensuring compliance with relevant regulations.

-Audit & Reporting:
Prepare audit reports on compliance status, identify risks and gaps, and recommend actions. Assist in planning and coordinating audits, should understand auditing criterias & evidence required.

-Independently handle audit reports, ensuring accuracy, completeness, and timely submission to stakeholders and regulators.

-Stakeholder Engagement:
Work with internal teams, auditors, and vendors to ensure GRC compliance. Provide training and guidance to stakeholders on risk and compliance management.

-Continuous Improvement:
Monitor regulatory changes and emerging risks, recommending improvements to GRC processes and tools to enhance overall compliance and governance.

Key Skills & Qualifications:

Experience: Minimum of 2-4 years of hands-on experience in GRC consulting, ISO 27001 audits, ISMS implementation.

Knowledge:

Strong understanding of GRC principles and frameworks, including ISO 27001,GDPR, NIST, and other security standards.

In-depth knowledge of risk management principles, compliance regulations, and audit methodologies.

Familiarity with GRC tools (e.g., RSA Archer, MetricStream, etc.) is a plus.

Skills:

Strong ability to conduct risk assessments, audits, and internal assessments across various compliance frameworks.

Excellent written and verbal communication skills, with the ability to prepare detailed reports and present findings to senior management.

Strong analytical skills with the ability to assess complex regulatory requirements and provide actionable solutions.

Proficient in developing, updating, and reviewing policies and procedures.

Strong knowledge of auditing criteria's & evidences

In-depth knowledge of risk management principles, compliance regulations, and audit methodologies.

Certifications:

ISO 27001 Lead Auditor or Implementer certification (Mandatory).

Certifications such as CISA, CISSP, CISM, or GRCP (GRC Professional Certification) are desirable.

Soft Skills:

Excellent communication Skill.

Strong problem-solving and analytical abilities.

Ability to work independently, as well as collaboratively, within a cross-functional team.

Detail-oriented with the ability to prioritize tasks and meet deadlines in a dynamic environment.

Why Join Us?

Competitive salary and benefits.

Opportunities for career advancement and professional development in the growing field of GRC.

Work in a collaborative, dynamic environment with a focus on continuous improvement and innovation in risk management and compliance.

How to Apply: Interested candidates are encouraged to submit their resume and cover letter outlining their relevant experience and qualifications to or can connect on

Immediate joiner are preferable.