GRC Consultant


Job Location: Mumbai - India

Monthly Salary: Not Disclosed
Posted on: 3 hours ago
Vacancies: 1 Vacancy

Job Summary

Job Title: GRC Consultant

Experience: 6 Years
Location: Mumbai (5 Days Work from Office)

Role Overview

We are looking for an experienced GRC Security Analyst to drive governance, risk, and compliance initiatives across the organization. The role focuses on establishing GRC frameworks, managing audits, ensuring regulatory compliance, and strengthening the overall security and risk posture through continuous improvement and stakeholder collaboration.

Key Responsibilities

1. GRC Framework Development

  • Develop and implement enterprise-wide GRC frameworks, policies, standards, and procedures
  • Align GRC programs with business objectives and regulatory requirements
  • Continuously enhance governance structures and control frameworks

2. Risk Management

  • Conduct enterprise risk assessments and identify potential security and operational risks
  • Define risk mitigation strategies and track remediation efforts
  • Maintain risk registers and ensure timely closure of identified risks

3. Compliance Management

  • Ensure compliance with key standards and regulations such as:
    • GDPR
    • SOC 2
    • ISO 27001
  • Monitor adherence to internal policies and external regulatory requirements
  • Support compliance assessments and certification initiatives

4. Audit Management

  • Plan and execute internal and external audits across IT security and business processes
  • Prepare audit documentation, reports, and evidence repositories
  • Track audit findings and ensure closure of corrective actions

5. Internal Controls & Assurance

  • Evaluate effectiveness of internal controls across IT systems, financial processes, and operations
  • Strengthen control design to prevent fraud, security breaches, and compliance gaps
  • Perform control testing and validation activities

6. Technical GRC Implementation

  • Implement and integrate technical security controls within GRC frameworks
  • Work closely with IT and security teams to align controls with architecture
  • Support incident response governance, including RCA documentation and corrective actions

7. Automation & Tooling

  • Implement GRC tools to automate control monitoring, risk tracking, and compliance reporting
  • Improve efficiency through workflow automation and control dashboards
  • Leverage tools for exception management and continuous monitoring

8. Reporting & Metrics

  • Develop dashboards, KPIs, and metrics to track GRC performance
  • Provide regular reporting to senior leadership and stakeholders
  • Present risk posture, compliance status, and audit insights

9. Security Awareness & Training

  • Design and deliver security awareness and compliance training programs
  • Promote a strong security and risk-aware culture across the organization
  • Provide guidance to business teams on GRC best practices

10. Stakeholder Collaboration

  • Collaborate with Legal, IT, Security, and Business teams to implement GRC initiatives
  • Act as a trusted advisor for governance and compliance-related matters
  • Support cross-functional projects and regulatory engagements

Required Skills & Qualifications

Technical & Functional Skills

  • Strong understanding of GRC principles, risk management, and compliance frameworks
  • Experience with audits, control testing, and regulatory assessments
  • Knowledge of IT security concepts and enterprise risk management
  • Familiarity with GRC tools and automation platforms

Core Competencies

  • Strong analytical and risk assessment skills
  • Excellent communication and stakeholder management abilities
  • Attention to detail with strong documentation skills
  • Ability to manage multiple audits and projects simultaneously
  • Proactive and solution-oriented mindset

Project & Audit Skills

  • Experience in audit planning, execution, and reporting
  • Ability to manage corrective actions and track remediation
  • Strong project management and coordination skills

Preferred Qualifications

  • Certifications such as CISA, CRISC, ISO 27001 Lead Auditor/Implementer
  • Experience in large enterprise or consulting environments
  • Exposure to regulatory environments and financial services industry