Experience Required : 2 - 3 years
Location : Andheri, Mumbai
Department : Risk Advisory / Information Security / Cybersecurity
We are seeking a GRC Consultant (Junior) with 2-3 years of experience to support clients in building and enhancing their Governance, Risk, and Compliance (GRC) frameworks. The ideal candidate will work with senior consultants to assist in the execution of risk assessments, compliance audits, policy reviews, and control implementations across various industries.
Responsibilities :
- Assist in drafting and reviewing IT and information security policies, procedures, and standards.
- Support gap assessments against frameworks such as ISO 27001, SOC 2, GDPR, and PCI DSS.
- Coordinate audit preparation and evidence collection with client teams.
- Work on the maintenance and continual improvement of Information Security Management Systems (ISMS).
- Participate in IT and cybersecurity risk assessments and update risk registers.
- Support the identification of risks, recommend mitigation actions, and track closure.
- Assist in preparing risk analysis reports and presenting key findings.
- Collaborate with client teams to gather required information and documents.
- Assist senior team members in delivering client reports, presentations, and project documentation.
- Participate in internal and external audit support for compliance assessments.
Requirements :
- Exposure to GRC platforms/tools such as Archer, ServiceNow GRC, MetricStream, or equivalents.
- Familiarity with tools used in risk assessments and compliance tracking.
- Bachelor’s degree in Information Technology, Computer Science, Cybersecurity, or related fields.
- 2-3 years of experience in GRC, Information Security, IT Compliance, or Risk Management roles.
- Basic to intermediate knowledge of ISO 27001, SOC 2, NIST CSF, or similar frameworks.
- Good understanding of risk assessment methodologies and compliance processes.
- Strong communication, report-writing, and documentation skills.
- Proficiency in MS Office (Excel, Word, PowerPoint).
Certifications :
- ISO 27001 Lead Auditor (mandatory)
- CISA (Certified Information Systems Auditor) (optional)
- CRISC (Certified in Risk and Information Systems Control) (optional)
- ITIL Foundation (for process understanding)