GRC Consultant (Mid level)

Location: Mumbai

Job Views: 22

Created Date: 2026-01-06

End Date: 2026-03-07

Experience: 6 - 8 years

Salary: 1000000

Industry: IT

Openings: 1

Primary Responsibilities:

Job Title: GRC Consultant – Mid Senior Level

Location: Powai, Mumbai
Experience: 6–8 Years
Employment Type: Full-time | On-site
Department: Risk & Compliance / IT Security
Reports To: GRC Lead / GRC Manager

Role Overview

We are looking for a GRC Consultant with 6–8 years of experience in governance, risk management, and compliance. The role involves hands-on execution of GRC programs, audits, risk assessments, and compliance initiatives across multiple frameworks. The candidate will work closely with clients, auditors, and internal teams to ensure regulatory compliance and effective risk mitigation.

Key Responsibilities

Governance & Compliance

  • Must be able to draft, review, and implement IT and information security policies, procedures, and standards.
  • Conduct GAP assessments against frameworks such as ISO 27001, SOC 2, GDPR, PCI-DSS, DPDPA, NIST.
  • Support and independently manage compliance readiness and certification projects.
  • Coordinate with external auditors and clients during internal and external audits.
  • Prepare audit evidence, corrective action plans, and compliance reports.
  • Should be able to conduct Internal Audits independently.

Risk Management

  • Must be able to identify risks, recommend mitigation actions, and track closure.
  • Perform IT, cybersecurity, operational, and third-party risk assessments.
  • Prepare and present risk analysis reports with key findings and remediation plans.
  • Assist in the development and review of BCP and DRP documentation.
  • Perform vendor and third-party risk assessments.

Security Controls & Compliance

  • Assess and review IT security controls aligned with frameworks like NIST CSF, ISO 27001 Annex A, CIS Controls.
  • Review access management, data protection, and incident response controls.
  • Work with technical teams to validate control implementation and effectiveness.
  • Support security awareness and compliance training initiatives.

GRC Tools & Reporting

  • Hands-on experience using GRC tools such as ServiceNow GRC, RSA Archer, MetricStream, OneTrust, or similar.
  • Maintain compliance trackers, dashboards, and risk registers.
  • Generate periodic compliance and risk status reports for stakeholders.

Experience Requirements:

Required Skills & Expertise

Technical Skills

  • Strong working knowledge of:
    • ISO 27001, SOC 2, PCI-DSS, GDPR, DPDPA
    • Risk frameworks such as ISO 31000, COSO ERM
  • Practical experience in:
    • Internal & external audits
    • Risk assessments and control testing
    • Policy and procedure development
  • Good understanding of IT security, cloud security basics, and data privacy.


Soft Skills

  • Strong analytical and documentation skills.
  • Ability to interact confidently with clients, auditors, and internal stakeholders.
  • Good presentation and communication skills.
  • Ability to manage multiple engagements and deadlines.


Qualifications & Certifications

Education:

  • Bachelor’s degree in IT, Computer Science, Cybersecurity, or related field.

Preferred Certifications:

  • CISA
  • ISO 27001 Lead Implementer / Lead Auditor
  • ISO 27701 / ISO 22301

Experience Requirements

  • 6–8 years of hands-on experience in GRC, IT risk, compliance, or cybersecurity consulting.
  • Experience working with regulated industries (BFSI, fintech, healthcare, SaaS) is preferred.
  • Prior experience in consulting or audit-driven environments is a plus.

Location: Alliance Recruitment Agency UAE
