GRC Consultant

Key Responsibilities:

1. ISO27001 Implementation and Management

• Develop and implement an Information Security Management System (ISMS) as per ISO27001:2022 standards.
• Conduct regular gap assessments, risk mapping and evaluations, and maintain ISMS documentation.
• Drive the ISO27001 certification process and manage ongoing compliance.

2. Internal Audits and Risk Assessments

• Plan, execute, and document internal security audits to ensure adherence to organisational policies and regulatory standards.
• Identify gaps, recommend corrective actions, and monitor their implementation.
• Conduct periodic risk assessments to mitigate emerging threats.

3. Regulatory Compliance

• Ensure full compliance with RBI and SEBI cybersecurity guidelines, including IT governance, resilience, and data protection requirements.
• Stay updated on regulatory changes and advise the organization on necessary adjustments.
• Oversee the preparation and submission of compliance reports to regulatory bodies.

4. Cybersecurity and Resilience

• Develop and implement strategies to enhance the organization's cybersecurity posture and operational resilience.
• Monitor and enforce security controls such as access management, data encryption, and incident response readiness.
• Collaborate with IT teams to ensure secure infrastructure and application development practices.

5. Policy Development and Awareness

• Draft and update cybersecurity and IT compliance policies to align with ISO27001, RBI, SEBI, and other standards.
• Conduct training and awareness programs for employees to foster a security first culture.

6. Incident Management

• Lead the development and testing of incident response plans, ensuring quick and effective handling of security events.
• Provide insights and corrective measures post-incident, enhancing future resilience.

7. Vendor and Third-Party Risk Management

• Evaluate third-party vendors and service providers for compliance with security and regulatory standards.
• Develop frameworks for monitoring vendor performance and adherence to contracts.

8. Continuous Improvement

• Identify opportunities for improving IT governance, data protection, and compliance
• frameworks.
• Leverage technology and automation to streamline security and compliance processes.

Requirements

• Strong understanding of RBI, SEBI, and other Indian regulatory frameworks.
• Expertise in internal audits and risk management.
• Excellent communication and presentation skills, stakeholder management, and problem solving skills.
• Familiarity with tools and frameworks related to vulnerability management, SIEM, and compliance monitoring.

Qualifications

• Education: Bachelor's degree in IT, Computer Science, or a related field.
• Certifications: ISO27001 Lead Auditor Preferred
• Experience: Proven experience in information security, regulatory compliance, and implementing ISO27001 standards.

Job Type: Full-time

Pay: ₹60,000.00 - ₹70,000.00 per month

Benefits:

• Health insurance
• Provident Fund

Application Question(s):

• How many years of experience do you have in implementing or managing ISO27001 standards?
• Have you conducted or participated in internal audits or risk assessments?
• Are you familiar with Indian regulatory frameworks such as RBI, SEBI, or CERT-In cybersecurity guidelines?
• Do you hold any relevant certifications (e.g., ISO27001 Lead Auditor / Lead Implementer)?
• What is your current CTC ?
• What is your expected CTC ?
• What is your current notice period?
• Are you open to working from the office (Mumbai location)?

Work Location: In person