Consultant - ISMS/GRC
Consultant - ISMS/GRC
Employer Active
Job Alert
You will be updated with latest job alerts via email
Share
Job Alert
You will be updated with latest job alerts via email
Job Description
Job Summary:
We are seeking a Consultant with proven experience in implementing and maintaining ISO 27001-based Information Security Management Systems (ISMS) and IT Governance Risk and Compliance (IT GRC) frameworks. The ideal candidate will have hands-on expertise in ISO 27001 gap assessments risk assessments policy development and certification audit preparation along with working knowledge of standards such as NIST NCA SAMA COBIT and ITIL. This role involves supporting compliance programs developing security controls conducting awareness training and assisting clients in aligning IT strategies with regulatory requirements including GDPR HIPAA and PCI-DSS. Strong documentation auditing and communication skills are essential.
Job Description:
ISMS Responsibilities:
- Experience of implementation and maintenance of ISO 27001-based Information Security Management Systems (ISMS).
- Perform gap assessments to identify areas of non-compliance and assist in remediation planning against various standards & frameworks like NIST NCA SAMA etc.
- Participate in risk assessments and help develop mitigation strategies.
- Developing ISMS policies procedures and security controls aligned with ISO 27001 standards.
- Prepare documentation and provide support during ISO 27001 certification audits.
- Conduct security awareness training and incident management processes.
IT GRC Responsibilities:
- Assist in developing and implementing IT governance frameworks (COBIT NIST ITIL).
- Support IT risk assessments compliance audits and regulatory reporting activities.
- Help clients align IT strategies with their business goals while ensuring compliance with regulations like COBIT GDPR HIPAA SOX etc.
- Support in developing and maintaining IT compliance programs and policies.
- Contribute to the development and implementation of GRC tools and processes.
- Participate in internal audits and help clients prepare for external certification audits/compliance checks.
Required Qualifications & Experience:
- Minimum Bachelors degree in Information Security Computer Science or a related field.
- Certifications (preferred): ISO 27001 Lead Implementer / Lead Auditor CISM CRISC or COBIT Foundation.
- Experience: 34 years of experience in ISMS and IT GRC consulting auditing or implementation.
- Familiarity with ISO 27001 gap assessments risk assessments and audits.
- Basic knowledge of IT governance frameworks (COBIT NIST ITIL etc.).
- Understanding of regulatory compliance such as GDPR NIST and PCI-DSS.
- Strong documentation report writing and communication skills is a must.
Requirements
- Masters or Bachelors degree in Information Technology Computer Science or IT-related field.
- ITIL Expert/Managing Professional ISO 20000 Lead Implementer / Lead Auditor ISO 22301 Lead Implementer / Lead Auditor CBCP (Certified Business Continuity Professional).
- 6-8 years of experience in ITSM and BCMS consulting or related roles.
- In-depth knowledge of ITIL ISO 22301 and other relevant frameworks/regulations.
- Practical experience in ISO 22301 implementation BIA DR planning and BCMS assessments.
- Familiarity with IT compliance standards such as ISO 27001 COBIT and NIST NCA.
- Excellent analytical problem-solving and decision-making skills.
- Proven ability to manage multiple projects and clients simultaneously.
- Experience in conducting internal and external audits related to ITSM and BCMS.
- Strong stakeholder engagement report writing and project management skills.
Required Experience:
Contract
Employment Type
Full-Time
