GRC Analyst

About UsTsaaro Consulting's prime focus is on Data Privacy and SecurityOur team of specialist Data Privacy Consultants, Information Security Consultants, and penetration testers help and advise our Clients to make running a secure business easier with high efficiencyEverything We do is tailored to the individual, and organisational requirements, aligned with their budget and resource challengesWe take a pragmatic, risk-based approach to provide our clients with real-world, workable advice, guidance, and support That helps them to deal with a wide range of security and privacy-related challengesAt Tsaaro, we adopt a pragmatic, risk-based strategy to deliver practical and effective adviceBy providing real-world guidance, support, and actionable recommendations, we confidently equip our clients to address a broad spectrum of security and privacy challengesLooking to take your career in a new, high-impact directionTsaaro Consulting is seeking for a highly skilled and experienced GRC Analyst, this role is for those eager to transition into data privacy and information security, with hands-on experience and mentorship from industry expertsResponsibilitiesAssist in the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in accordance with ISO 27001 standardsMonitor and ensure compliance with ISO 27001, making sure controls are in place and effectively operating across the organizationConduct regular assessments to ensure adherence to regulatory, contractual, and internal security requirementsCoordinate internal audits and provide support for external ISO 27001 auditsPrepare documentation, assist with gathering evidence, and address findings to ensure timely closure of audit actionsMaintain and update ISMS documentation, policies, and proceduresEnsure that security controls, risk assessments, and audit records are accurately documented and up to dateSupport the delivery of security awareness and training programs related to ISO 27001 standardsFoster a culture of security awareness across the organizationSupport incident response processes and prepare crisis management plans, ensuring incidents are logged, analysed, and resolvedParticipate in root cause analysis and implement corrective actions to prevent recurrenceCollaborate with cross-functional teams to identify, assess, and prioritise security risksAssist in developing risk mitigation strategies and track the progress of risk treatment plansProactively identify opportunities to enhance the ISMS framework, suggesting improvements to policies, processes, and tools to ensure they are efficient and effectiveRequirementsMinimum of 2 years in Governance, Risk, and Compliance (GRC) roles, with a focus on ISMS and ISO 27001Bachelors degree in Information Security, Computer Science, Business Administration, or a related field (preferred)Excellent analytical and problem-solving skillsStrong understanding of regulatory requirements and industry standards related to information securityProficiency in risk assessment methodologies and risk management practicesStrong communication and interpersonal skillsAbility to work effectively both independently and as part of a teamExperience with security incident response and crisis managementFamiliarity with data protection regulations and privacy lawsCertification in ISO 27001 Lead Auditor or Lead Implementer (preferred)Experience in developing and delivering security awareness training programsBenefitsCompetitive salary and performance-based bonusesProfessional development opportunities, including training and certificationsFlexible working hoursCollaborative and inclusive work environmentOpportunity to work with a passionate team dedicated to making a difference in data privacy and securitycheck(event) ; career-website-detail-template-2 => apply(record id,meta)" mousedown="lyte-button => check(event)" final- final-class="lyte-button lyteBackgroundColorBtn lyteSuccess" lyte-rendered="">