Qureos


Matayo AI Solutions Pvt Ltd (Matayo 360° GRC Service Division) is looking for a passionate GRC Consultant to join our fast-growing compliance advisory team.

If you live and breathe ISO 27001, SOC 2 and PCI DSS, can think like an auditor, and love solving risk management puzzles, we want to meet you!

Position: GRC Consultant

Location: Hybrid (Bangalore / Remote, India)

Experience: 1–2 Years in GRC / ISO 27001 Implementation

Qualification: ISO 27001 Lead Implementer or Lead Auditor (Mandatory)

CTC: 4,50,000 to 6,00,000 per annum

Key Skills Required:

  • Hands-on experience in implementing and auditing ISO/IEC 27001:2022
  • Familiarity with ISO 31000 Risk Management principles
  • Understanding of Annex A controls and Statement of Applicability (SoA)
  • Experience conducting internal audits, risk assessments, and gap analyses
  • Documentation skills — policies, procedures, risk registers, audit checklists
  • Exposure to SOC 2 readiness, GDPR, or India's DPDP Act (added advantage)
  • Excellent written and verbal communication skills

Roles & Responsibilities:

Governance & Compliance

  • Assist clients in implementing ISO 27001:2022 ISMS framework, including defining scope, policy documentation, control implementation, and management review.
  • Conduct gap assessments and prepare the SoA and Risk Treatment Plans.
  • Align controls with frameworks like SOC 2, PCI DSS, HIPAA, and GDPR as needed.

Risk Management

  • Perform risk identification, analysis, and evaluation in line with ISO 31000.
  • Develop and maintain the Risk Register using impact–likelihood matrices.
  • Recommend and track risk treatment plans and mitigation actions.

Internal Audit & Assurance

  • Plan and execute internal audits against the ISO 27001:2022 clauses and Annex A controls.
  • Collect and review evidence from business, IT, and HR departments.
  • Prepare audit reports, nonconformity (NC) logs, and corrective and preventive action (CAPA) tracking.
  • Support clients through external certification audits with certification bodies (CBs).

Documentation & Reporting

  • Draft and maintain compliance documents: ISMS Manual, Policies, Procedures, Risk Register, SoA, and Audit Checklists.
  • Prepare MIS dashboards, compliance status reports, and management review summaries.

Client Engagement & Delivery

  • Support end-to-end GRC project execution — from scoping to closure.
  • Coordinate with cross-functional teams and external auditors.
  • Deliver presentations and training to clients on ISMS and Risk Management concepts.

Project Exposure:

  • Should have successfully executed at least two (2) complete ISO 27001 or integrated GRC implementation projects (from gap assessment to certification).

Soft Skills:

  • Strong analytical, problem-solving, and documentation capabilities
  • Ability to manage multiple client projects simultaneously
  • High integrity, confidentiality, and attention to detail

Career Path:

  • Growth into Senior GRC Consultant / vCISO Track within 2–3 years
  • Exposure to global frameworks – SOC 2, PCI DSS, HITRUST, ISO 42001 (AI Governance), NIST

Compensation:

  • Competitive salary based on experience and certification level
  • Performance-based incentives per project completion

How to Apply:

  • Send your resume and certification copies to admin_hr@matayo-ai.com

Job Type: Full-time

Application Question(s):

  • How soon can you join if shortlisted? (No. of Days)
  • Are you familiar with the ISO 31000 risk management framework and risk scoring methods (Impact × Likelihood), and do you have experience preparing Risk Registers, SoAs, or audit checklists? (Yes or No)
  • Have you worked on Internal Audit planning, execution, and CAPA tracking? (Yes or No)
  • Have you completed ISO 27001:2022 Lead Implementer or Lead Auditor certification? (Yes or No)
  • How many ISO 27001 projects have you personally executed (implementation or audit)? (Number of Projects)
  • Do you have the following license or certification: Lead Auditor? (Yes or No)
  • Have you worked with other frameworks like SOC 2, GDPR, or PCI DSS (optional but preferred)? (Yes or No)

Work Location: In person

© 2025 Qureos. All rights reserved.