GRC Analyst

Job Summary

Plan and execute audits of Information Security Management Systems (ISMS) based on ISO 27001 standards.

Develop audit schedules, conduct opening and closing meetings, and ensure adherence to audit timelines

Prepare audit plans, checklists, and audit reports detailing findings, non-conformities, and recommendations.

Key Responsibilities, Deliverables / Outcomes

Plan and deliver on technology (IT/IS) audits with full involvement in planning, fieldwork & reporting.

Support IT/IS assurance & advisory reviews to address key enterprise technology risks including assessing the adequacy, design and operating effectiveness of technology and internal controls.

Perform Information Security related assessments to cover domains like User Access management, Network, OS & Application Security, Encryption, Backup Management, Disaster Recovery, Training & Awareness, etc.

Key Skills

Graduate in Science/Engineering

ISO 27001:2022 Lead Auditor/Implementor

CISA/CISM/CISSP preferred

Key Competencies

Minimum 2 to 3 years of experience in information/cyber security domain

Strong background in network security and information & cloud security.

Good Knowledge of ISO 27001 standard and documentation

Good knowledge of cyber security frameworks such as RBI CSF, NIST CSF, etc.

Good presentation skills

Sound knowledge of IT Security and Infrastructure audits.

Must possess basic knowledge of networking, different flavors of operating system, endpoint devices and security devices.

Should be a self-learner and must keep him/herself updated with latest threats and vulnerabilities researched/discovered.