SynRadar - GRC Consultant - Information Security

Description :

Role : GRC Consultant

Introduction :

We are looking for a detail-oriented and proactive GRC Consultant to join our team. The ideal candidate will have strong expertise in ISO 27001, information security policy creation, and implementation of Governance, Risk, and Compliance frameworks.

This role will be instrumental in developing and maintaining an organization-wide ISMS, ensuring regulatory compliance, managing audits, and strengthening risk and policy governance.

ISO 27001 Audits & ISMS Implementation :

• Lead internal audits and gap assessments for ISO 27001 compliance.
• Assist in planning, implementing, maintaining, and improving the Information Security Management System (ISMS) as per ISO 27001 standards.
• Maintain and update the Statement of Applicability (SoA) and Risk Treatment Plans.
• Identify non-conformities and drive corrective / preventive actions.
• Coordinate external ISO 27001 surveillance and certification Development & Documentation :
• Create, review, and update policies and procedures to meet GRC and ISO 27001 standards.
• Ensure documentation reflects current compliance requirements and emerging risks.
• Map controls to policies and ensure alignment with audit and regulatory Framework Implementation & Management :
• Design and implement GRC frameworks aligned with international standards and regulatory requirements.
• Collaborate with senior leadership to define key risk indicators (KRIs), controls, and governance procedures.
• Maintain GRC registers, including asset inventory, risk register, and control Management :
• Conduct information security risk assessments using structured methodologies.
• Evaluate and prioritize risks based on likelihood and impact.
• Develop risk mitigation strategies and assist with control implementation and & Compliance Reporting :
• Prepare comprehensive audit reports highlighting compliance status, gaps, and risk exposure.
• Track implementation of corrective actions post-audit and maintain audit trails.
• Assist in the preparation of audit plans, checklists, and evidence collection Engagement & Training :
• Collaborate with business functions, IT, external auditors, and vendors to ensure audit readiness and policy compliance.
• Conduct awareness programs and training sessions on ISO 27001, information security best practices, and GRC responsibilities.
• Promote a culture of compliance and continuous improvement across Monitoring & Improvement :
• Stay updated with changes in ISO standards, cybersecurity threats, and regulatory requirements.
• Recommend and implement improvements in policies, controls, and audit processes to maintain an effective GRC Skills & Qualifications :
• 2 to 3 years in GRC, ISO 27001 implementation / audits, policy management, and ISMS :
• In-depth understanding of ISO 27001, NIST, GDPR, and other information security and privacy standards.
• Strong grasp of risk management frameworks and internal control systems.
• Familiarity with GRC tools (e.g., RSA Archer, MetricStream) is an :
• Expert in writing and implementing security policies and procedures.
• Strong auditing, documentation, and risk assessment capabilities.
• Excellent analytical, communication, and project coordination :
• ISO 27001 Lead Auditor or Lead Implementer certification (preferred).
• Additional certifications such as CISA, CISM, CISSP, or GRCP are a Skills :
• Self-motivated and accountable.
• Strong attention to detail and organizational skills.
• Ability to work cross-functionally and manage multiple priorities.

Why Join Us ?

(ref : hirist.tech)