Asap Consultant

Job Title : GRC Consultant Location : Mumbai Experience : 2+ Years Department : Information Risk Management / Cybersecurity Employment Type : Full-time About the Role : We are seeking a proactive and detail-oriented GRC (Governance, Risk & Compliance) Consultant to join our Mumbai team. The ideal candidate will have hands-on experience in IT Audit, Third-Party Risk Management (TPRM), and Information Security Governance. You will assist in evaluating risks, ensuring compliance with policies and standards, and supporting clients in implementing effective risk management frameworks. Key Responsibilities : Perform IT General Controls (ITGC) and Application Controls testing as part of IT audit engagements. Support Third-Party Risk Assessments, including vendor onboarding reviews, control assessments, and risk reporting. Assist in the design, implementation, and monitoring of GRC frameworks, policies, and processes. Conduct risk and compliance assessments aligned with frameworks such as ISO 27001, NIST, and SOC 2. Prepare audit findings, risk registers, and remediation plans in collaboration with client stakeholders. Assist clients in meeting regulatory and compliance obligations in areas like data protection, cybersecurity, and IT governance. Coordinate with cross-functional teams to ensure effective risk mitigation and continuous improvement of compliance posture. Required Skills & Qualifications : Bachelor’s degree in Information Technology, Computer Science, or related discipline. 2+ years of experience in IT Audit, TPRM, or GRC domains. Working knowledge of frameworks such as ISO 27001, COBIT, NIST, and SOC 2. Strong understanding of information security controls, risk assessment, and compliance testing. Excellent report writing and communication skills. Certifications like CISA, ISO 27001 LA, or CRISC (preferred but not mandatory). Preferred Attributes : Strong analytical and problem-solving abilities. Ability to work independently and collaboratively within client-facing environments. Proactive approach to identifying and mitigating risks. Eagerness to learn and grow in the GRC and cybersecurity domain. Why Join Us : Opportunity to work with leading clients across industries. Exposure to multiple governance and risk management frameworks. Supportive work culture fostering continuous learning and growth.