Coders Brain
Senior GRC Consultant/Lead (6-10 yrs)
posted 2mon ago
Flexible timing
Job Description (JD) for the GRC (Governance, Risk, and Compliance) role:
Job Title: Senior GRC Consultant/Lead
Location: Bengaluru
Employment Type: Full Time
Job Description:
We are seeking an experienced Senior GRC Consultant/Lead with expertise in Governance, Risk, and Compliance (GRC) frameworks and practices.
The ideal candidate will lead assessments, implement compliance solutions, and ensure adherence to regulatory and industry standards.
This role requires strong experience with frameworks such as ISO 27001, NIST, COSO, SOX, and PCI DSS, and expertise in risk assurance, enterprise risk management, and audit readiness.
Essential Duties and Responsibilities:
- Perform governance, risk, and compliance assessments, including policy/procedure development, training, change management, and internal control analysis.
- Lead security assessments and implementation support based on frameworks such as ISO 27001:2022, the NIST SP 800 series, NIST CSF, PCI DSS, and HITRUST.
- Conduct gap analysis, identify risks, and provide actionable recommendations to enhance compliance and security postures.
- Develop and execute risk methodologies, keep them current, and map GRC assessments to changing requirements such as SOC 1 and SOC 2 reporting and other regulatory mandates.
- Collaborate across business units for audit readiness and risk compliance, working with internal and external audit teams, regulators, and clients.
- Act as a Subject Matter Expert (SME) in areas such as COSO, NIST, SOX, GDPR, PCI DSS, and HITRUST.
- Assist business units in understanding internal controls and their alignment with strategic initiatives and compliance requirements.
- Support vendor risk management, incident response, and evaluation of technology solutions to improve governance and security.
- Develop meaningful risk metrics, reports, and dashboards, ensuring visibility into compliance status across the organization.
- Lead engagements, mentor staff, monitor team performance, and ensure delivery within stakeholder and client expectations.
- Promote a risk-aware, performance-focused culture, providing thought leadership for continuous improvement.
Qualifications:
Education: Bachelor's degree in Computer Science, Information Technology, Risk Management, or equivalent experience.
Certifications (Mandatory): At least two of the following:
- Certified Information Systems Auditor (CISA)
- Certified in Risk and Information Systems Control (CRISC)
- Certified Information Systems Security Professional (CISSP) or equivalents.
Work Experience:
- 10-15 years of experience in GRC roles, including at least 8 years of combined experience in consulting, audit, and risk management.
- Experience with Big 4 firms is required.
- 8+ years of hands-on experience in designing and implementing technology controls, risk assessments, and audit support.
- 8+ years of operational experience across domestic and international landscapes, preferably in consulting, financial services, healthcare, or other regulated industries.
- 8+ years of experience with SOC 1, SOC 2, and regulatory compliance.
- 5+ years of experience in areas such as system integration, data privacy, identity and access management, SDLC, IT security, and vendor risk management.
Strong knowledge of frameworks:
- COSO, SOX compliance, ISO 27001, NIST SP 800-53, NIST CSF, PCI DSS, HITRUST, and GDPR.
Technical and Leadership Skills:
- Advanced risk assurance and enterprise risk management expertise.
- Experience leading large engagements, managing teams, and mentoring staff.
- Strong analytical, critical thinking, and problem-solving skills with a self-starter attitude.
- Excellent written, verbal, and presentation skills for interacting with executive stakeholders and cross-functional teams.
- Proven experience working in remote/matrixed environments and driving continuous improvement initiatives.
Skills to be Evaluated:
Mandatory Skills: COSO, SOX compliance
Desirable Skills: Risk assurance, enterprise risk management
Years of Experience: 6 to 8 years (10-15 years preferred)
Functional Areas: Other