Job Description

:
:
Key Responsibilities
As a GRC Analyst, you will support the customer organization's governance, risk, and compliance initiatives, helping maintain a secure and compliant environment. Working closely with cross-functional teams, you will assist in ensuring compliance with industry standards and the development of risk management frameworks:

• Support the implementation and maintenance of ISO 27001:2022 standards by assisting in ensuring compliance with security controls and helping prepare for internal and external audits.
• Assist in conducting internal audits and security assessments, gathering and validating evidence to ensure compliance with regulatory requirements.
• Collaborate with senior team members during external compliance assessments and audits, providing support in audit preparation, evidence collection, and report generation.
• Identify and document security risks, help to assess their impact on the organization, and support the development of risk mitigation strategies.
• Contribute to the development and updating of information security policies, procedures, and related documentation, ensuring alignment with ISO 27001 and other regulatory frameworks.
• Participate in the monitoring and review of security controls, supporting efforts to enhance their effectiveness and alignment with business objectives.
• Provide analysis and reporting on the performance of security controls, helping identify areas for improvement and supporting the implementation of corrective actions.
• Gather and validate technical evidence for compliance reviews and audits, ensuring thorough and accurate documentation is maintained.
• Assist in the preparation of detailed reports, summarizing audit findings, risk assessments, and policy updates for leadership review.
• Communicate security and compliance requirements clearly and effectively to team members and stakeholders, ensuring understanding and alignment across the organization.
• Collaborate with cross-functional teams to ensure that GRC activities integrate seamlessly with broader business processes and goals.
• Maintain accountability for assigned tasks, ensuring deadlines are met and deliverables are completed with attention to detail.
• Ensure a customer-centric approach, understanding client and stakeholder needs while delivering solutions that add value.
• Demonstrate a proactive attitude toward learning and development, continually seeking to improve knowledge and skills in GRC and information security practices.

Deliverables and Outcomes
Help build and maintain strong customer relationships, ensuring their business goals and objectives are met and incorporated in the security program.
Successfully complete project tasks on time.
Enable customers to comply with their regional IS regulations and keep customers informed of emerging cybersecurity threats.
Support in Identification, assessment, and enhancement of customer environment security controls to meet industry standard benchmarks.
Develop, document, and communicate comprehensive Information Security framework policies and procedures.
Continuously monitor adherence to legal and regulatory requirements.
Help define customer risk appetite, perform risk assessments, and assist in implementation of Risk Treatment Plans.
Key Skills
Customer relationship management and relationship building
Knowledge on ISO 27001:2022 standard clauses and ISO 27002 Annexure Control guidance
Understanding about information security principles (CIA) and its application on information system security
Technical know-how (based on ISO 27002 Annex guidelines) for evidences validation as part of Security Assessments and assurance audits (internal & certification audits)
Creating elaborate reports and presentations about Security assessments/audits findings/observations
Writing/ Documentation of organization level security policies, processes and procedures in collaboration with multiple stakeholders
Competencies
Analysis Skills
Customer Focus
Communications- Oral & written
Energy/Passion
Problem Solving Skills