GRC Consultant


Location: Mumbai

Created Date: 2026-01-03

End Date: 2026-03-04

Experience: 2 - 4 years

Salary: 6

Industry: Technology

Openings: 1

Primary Responsibilities:

Job Title: GRC Consultant – Junior
Experience Required: 2 - 4 years
Location: Powai, Mumbai

Department: Risk Advisory / Information Security / Cybersecurity

Reports to: Senior Consultant

Role Summary:

We are seeking a GRC Consultant (Junior) with 2-4 years of experience to support clients in building and enhancing their Governance, Risk, and Compliance (GRC) frameworks. The ideal candidate will work with senior consultants to assist in the execution of risk assessments, compliance audits, policy reviews, and control implementations across various industries.

Key Responsibilities:

  1. Governance & Compliance:
  • Must be able to draft and review IT and information security policies, procedures, and standards.
  • Must be able to conduct gap assessments against frameworks such as ISO 27001, SOC 2, GDPR, and PCI-DSS.
  • Coordinate audit preparation and evidence collection with client teams.
  • Work on the maintenance and continual improvement of Information Security Management Systems (ISMS).
  • Should be able to conduct internal audits.
  2. Risk Management:
  • Participate in IT and cybersecurity risk assessments and update risk registers.
  • Must be able to identify risks, recommend mitigation actions, and track closure of identified risks.
  • Must be able to prepare risk analysis reports and present key findings to stakeholders.
  3. Client Engagement Support:
  • Collaborate with client teams to gather required information and documents.
  • Assist senior team members in delivering client reports, presentations, and project documentation.
  • Participate in internal and external audit support for compliance assessments.
  4. GRC Tools & Technologies (Preferred):
  • Exposure to GRC platforms/tools like Archer, ServiceNow GRC, MetricStream, or equivalents.
  • Familiarity with tools used in risk assessments and compliance tracking.

Experience Requirements:

Required Skills & Qualifications:

  • Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related fields.
  • 2-4 years of experience in GRC, Information Security, IT Compliance, or Risk Management roles.
  • Basic to intermediate knowledge of ISO 27001, SOC 2, NIST CSF, or similar frameworks.
  • Good understanding of risk assessment methodologies and compliance processes.
  • Strong communication, report-writing, and documentation skills.
  • Proficiency in MS Office (Excel, Word, PowerPoint).

Preferred Certifications:

  • ISO 27001 Lead Auditor (Mandatory)
  • CISA (Certified Information Systems Auditor) (optional)
  • CRISC (Certified in Risk and Information Systems Control) (optional)
  • ITIL Foundation (for process understanding).

Location: Alliance Recruitment Agency UAE
