Cyber Security GRC Consultant
Shanghai, CN, 201100
RINA is currently recruiting for a Cyber Security GRC Consultant to join its office in Shanghai, China within the Digital Technology and Cybersecurity Division.
Mission
The Cyber Security GRC Consultant focuses on contributing to the development, implementation, and maintenance of governance, risk, and compliance programs, ensuring that our organization and clients maintain robust information security and regulatory compliance.
Key Accountabilities
Consultancy and Advisory:
- Provide consultancy in governance, risk, compliance, and privacy to internal teams and clients.
- Contribute to developing and implementing GRC policies, procedures, and frameworks tailored to organizational needs.
Risk Analysis and Assessment:
- Conduct risk analyses and vulnerability assessments to identify potential threats and compliance gaps.
- Contribute to developing mitigation strategies and recommend solutions to address identified risks and vulnerabilities.
Compliance Implementation and Maintenance:
- Support the implementation and ongoing maintenance of compliance frameworks such as ISO 27001, GDPR, NIST Cybersecurity Framework, and CMMC requirements.
- Monitor regulatory changes and contribute to updating internal processes to ensure continuous compliance.
Collaboration and Training:
- Collaborate with cross-functional teams to ensure compliance with all relevant regulatory requirements.
- Provide advice, guidance, and training to employees on compliance best practices and the importance of adhering to security protocols.
Internal Audits and Corrective Actions:
- Conduct internal audits to evaluate the organization’s level of compliance with established policies and frameworks.
- Recommend and contribute to the implementation of corrective actions to address any identified compliance issues.
Certification Support:
- Assist the organization in achieving and maintaining industry certifications by providing necessary support and documentation.
- Ensure ongoing adherence to certification requirements.
Pre-Sales and Project Scaling:
- Support pre-sales activities by providing technical expertise and developing proposals that meet client requirements.
- Assist in scaling projects, ensuring that compliance and security requirements are met throughout the project lifecycle.
Education
Qualifications
- Professional certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer, or equivalent are highly desirable.
- 3 to 5 years of experience in governance, risk management, and compliance within the cybersecurity domain.
- Knowledge of relevant regulatory frameworks and standards (ISO 27001, GDPR, NIST Cybersecurity Framework, CMMC).
- Strong analytical skills and the ability to conduct thorough risk assessments and audits.
- Excellent communication and interpersonal skills, with the ability to provide clear guidance and training.
- Proven experience in collaborating with cross-functional teams and managing compliance projects.
- Ability to stay updated on the latest regulatory changes and industry trends.
Competencies
- ADDRESS THE WAY - Have a big picture of different situations and reinterpret it in a perspective way
- BUILD NETWORK - Forge trust relationships, across departments, and outside the organization
- CLIENT INTIMACY - Embrace internal and external client needs, expectations, and requirements to ensure maximum satisfaction
- EARN TRUST - Take everyone's opinion into account and remain open to diversity
- MAKE EFFECTIVE DECISIONS - Structure activities according to priorities, actions, resources and constraints
- PIONEER CHANGE - Actively embrace change and benefit from the new circumstances
- MANAGE EMOTIONS - Recognise one's own and others' emotions and express and regulate one's reactions
- PROMOTE SUSTAINABLE DEVELOPMENT - Promote commitment by keeping promises as a Role Model
- THINK FORWARD - Capitalise on experiences and translate them into action plans for the future
RINA is a multinational company providing a wide range of services in the energy, marine, certification, infrastructure & mobility, industry, research & development sectors. Our business model covers the full process of project development, from concept to completion.
At RINA, we endeavor to create a work environment where every single person is valued and encouraged to develop new ideas. We provide equal employment opportunities and are committed to creating a workplace where everyone feels respected and safe from discrimination or harassment of any kind. We are also compliant with the Italian Law n. 68/99.