Qureos

Consultant - ISMS/GRC

Job Summary:

We are seeking a Consultant with proven experience in implementing and maintaining ISO 27001-based Information Security Management Systems (ISMS) and IT Governance, Risk, and Compliance (IT GRC) frameworks. The ideal candidate will have hands-on expertise in ISO 27001 gap assessments, risk assessments, policy development, and certification audit preparation, along with working knowledge of standards and frameworks such as NIST, NCA, SAMA, COBIT, and ITIL. This role involves supporting compliance programs, developing security controls, conducting awareness training, and assisting clients in aligning IT strategies with regulatory and industry requirements including GDPR, HIPAA, and PCI DSS. Strong documentation, auditing, and communication skills are essential.

Job Description:

ISMS Responsibilities:

  • Implement and maintain ISO 27001-based Information Security Management Systems (ISMS).
  • Perform gap assessments to identify areas of non-compliance and assist in remediation planning against standards and frameworks such as NIST, NCA, and SAMA.
  • Participate in risk assessments and help develop mitigation strategies.
  • Develop ISMS policies, procedures, and security controls aligned with ISO 27001.
  • Prepare documentation and provide support during ISO 27001 certification audits.
  • Conduct security awareness training and support incident management processes.

IT GRC Responsibilities:

  • Assist in developing and implementing IT governance frameworks (COBIT, NIST, ITIL).
  • Support IT risk assessments, compliance audits, and regulatory reporting activities.
  • Help clients align IT strategies with their business goals while ensuring compliance with regulations such as GDPR, HIPAA, and SOX, and alignment with frameworks such as COBIT.
  • Support in developing and maintaining IT compliance programs and policies.
  • Contribute to the development and implementation of GRC tools and processes.
  • Participate in internal audits and help clients prepare for external certification audits/compliance checks.

Requirements

  • Minimum Bachelor's degree in Information Security, Computer Science, or a related field.
  • Certifications (preferred): ISO 27001 Lead Implementer / Lead Auditor, CISM, CRISC, or COBIT Foundation.
  • Experience: 3-4 years of experience in ISMS and IT GRC consulting, auditing, or implementation.
  • Familiarity with ISO 27001 gap assessments, risk assessments, and audits.
  • Basic knowledge of IT governance frameworks (COBIT, NIST, ITIL, etc.).
  • Understanding of regulatory and industry compliance requirements such as GDPR, HIPAA, and PCI DSS, and of the NIST frameworks.
  • Strong documentation, report writing, and communication skills are a must.

© 2025 Qureos. All rights reserved.