Senior Consultant - GRC

We’re excited to announce that

Crossbow

is growing, and we’re looking for passionate professionals to join our team!

Open Role(s) : Senior

Consultant - GRC

Location : Bangalore

Experience Required :

5–8 years experience

Job Description : Lead and execute

ISO 27001 implementation and audit projects , including risk assessments, gap analysis, and compliance checks.

Drive the

implementation of NIST cybersecurity frameworks (e.g., NIST CSF, 800-53, 800-171)

for clients across industries.

Provide strategic guidance on

security best practices, governance, risk, and compliance (GRC)

initiatives.

Perform

internal audits

and

prepare clients for certification audits

in alignment with ISO standards.

Create and maintain

Information Security Management System (ISMS)

documentation and support continual improvement processes.

Collaborate with cross-functional teams and manage

end-to-end client engagements .

Mentor and lead a team of junior consultants; review deliverables and ensure timely project delivery.

Conduct security awareness sessions, training, and workshops for clients and internal stakeholders.

Stay updated on evolving threats, industry standards, and compliance regulations.

Should be open to travel and work at client premises as and when required by project or business demands is essential.

Requirement : 5 to 8 years

of professional experience in Information Security consulting.

Proven experience with

ISO 27001

implementation & auditing.

Experience in

NIST

framework implementation and controls assessment.

Experience in auditing cloud environments across platforms such as

AWS, Azure, or Google Cloud .

Strong understanding of GRC practices and cybersecurity principles.

ISO 27001 : 2013 / 2022 Lead Auditor Certification

is mandatory.

Prior

team management or leadership experience

is required.

Excellent communication, documentation, and presentation skills.

Ability to work independently and manage multiple client engagements.

Exposure to other frameworks and standards like SOC 2, HIPAA, GDPR, PCI DSS is a plus.

Experience working with clients from BFSI, IT / ITES, or Healthcare sectors.

Additional certifications such as CISA, CISM, or CISSP are advantageous.