▷ [30/09/2025] Lead Consultant - GRC and Security Job

Job Description

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation.

At YASH, we're a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hire Application Security Professionals in the following areas :

Position: GRC and Security Lead

We are seeking a seasoned GRC andSecurity Lead, who will oversee and ensure delivery of a multi-track security client engagement across multiple domains. He will also be independently responsible for GRC, Incident Management and Change Management deliverables in the client engagement.

The ideal candidate will have a strong foundation in managing deliverables across towers, stakeholder coordination, cybersecurity governance and GRC experience.

Key Responsibilities 1. Multi track delivery oversight

- Coordinate and manage execution, delivery, timelines and quality of delivery across multiple towers, including SOC Monitoring, Incident Management, EDR, Threat Hunting, Vulnerability Management, Data Security and Zscaler
- Facilitate timely updates, process improvements, and stakeholder communications
- Ensure closure of action items across forums, including weekly status updates and bi-monthly audit board reporting
- Coordinate, Lead preparation and present weekly operational status reporting across towers to the client.
- Coordinate and help prepare monthly business review presentations with executive-ready summaries, KPIs, service metrics, and security scorecards

2. Governance Risk and Compliance

- Own, execute and independently deliver GRC track

- Drive policy creation, implementation, and annual reviews as per NIST standards
- Drive SOP reviews annually
- Drive User Access reviews quarterly
- Drive Security architecture reviews
- Manage KnowBe4 and LMS platforms for user training and campaign tracking
- Publish phishing campaign results and coordinate remediation training
- Deliver Risk management process, maintain risk register
- Conduct quarterly internal NIST assessments
- Conduct quarterly phishing and training campaigns

- Security Incident Management

- Act as Security Incident Manager for the engagement:
- Lead incident triage, investigation, documentation, and closure
- Coordinate with SOC and internal teams during high-priority events
- Perform root cause analysis and drive corrective/preventive actions
- Maintain incident logs, escalations, and resolution workflows
- Report incident trends, impact summaries, and response metrics in MBRs and audit boards
- Create and maintain necessary playbooks, SOPs and conduct table top exercises

- Own, execute and independently deliver Change & Project Management track

- Coordinate CAB and ECAB boards. Run CAB meetings
- Track Jira project boards, SOP documentation, and approval workflows
- Ensure accurate documentation and risk register maintenance

3. Ideal Candidate Profile

- Security Leadership: 812 years in cyber security operations and program leadership. Team and deliverable management, Attention to detail, Problem-solving mindset, Excellent stakeholder communication skills are vital for success in this role.
- Incident Response: Hands-on experience with incident handling, SOC collaboration, forensic analysis
- Reporting Acumen: Strong ability to craft client briefings for operations and strategic leadership
- GRC: NIST, ISO, CIS control frameworks; GRC tool familiarity
- Technical Toolset: Sentinel, ServiceNow, KnowBe4, LMS, Zscaler, Jira, Sophos
- Communication Skills: Strong coordination and escalation handling
- Certifications (Preferred): CISSP, CISM, PMP, ITIL, or equivalent

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles

- Flexible work arrangements, Free spirit, and emotional positivity
- Agile self-determination, trust, transparency, and open collaboration
- All Support needed for the realization of business goals,
- Stable employment with a great atmosphere and ethical corporate culture