CyRAACS
CyRAACS - GRC Consultant - Security Operations Center (3-6 yrs)
posted 2d ago
Location: Bangalore. 3-6 years of professional experience required.
Responsibilities:
Developing and Updating Control Frameworks:
- Design, develop, and maintain comprehensive control frameworks based on global standards (ISO 27001:2022, SOC 2, CSA STAR, PCI DSS 4.0), regulations (GDPR, CCPA, DPDPA, RBI Master Directions) and frameworks (NIST CSF) for our proprietary GRC niche platform.
- Regularly review and update the frameworks to reflect changes in the regulatory landscape and information security standards.
Managing Security Certifications:
- Lead the process for obtaining and maintaining security certifications such as ISO 27001:2022 and SOC 2 for the product.
- Coordinate with internal teams and external auditors to ensure all necessary documentation and evidence are prepared for audits.
- Manage timelines and project milestones to ensure timely completion of certification processes.
- Monitor and report on compliance with security standards to internal stakeholders.
Conducting User Testing:
- Conduct user testing to evaluate the usability and functionality of the product.
- Gather and analyse user feedback to identify areas for improvement.
- Work with Product Management teams to translate user feedback into actionable changes and enhancements to the product.
Providing User Feedback:
- Synthesize feedback from user testing sessions and ongoing user interactions to develop clear and actionable insights.
- Communicate these insights to product development teams to inform product updates and iterations.
- Establish mechanisms for continuous feedback collection to ensure that the product remains aligned with user needs and expectations.
Providing Consulting Support to Clients:
- Offer expert advice and consulting support to clients regarding the implementation and optimization of the product within their operations.
- Help clients understand how to integrate the product into their existing GRC activities and how to leverage it for maximum benefit.
- Assist clients in interpreting and applying control frameworks and compliance requirements relevant to their specific industry and regulatory context.
Training and Documentation:
- Develop and maintain comprehensive documentation for the product's control frameworks and compliance features.
- Work with Product Management teams to create training materials and conduct training sessions for both internal stakeholders and external clients to ensure they are well-versed in using the product effectively.
Continuous Improvement:
- Stay updated with the latest developments in GRC practices, compliance regulations, and risk management strategies.
- Propose and implement improvements to the product and the internal processes based on evolving best practices and feedback.
Requirements:
Compliance and Regulatory Experience:
- 3 to 6 years of experience with GRC frameworks and standards such as ISO 27001, SOC 2, HIPAA, PCI DSS, GDPR, etc.
- Proven track record in developing, implementing, and maintaining compliance frameworks.
- Experience in managing compliance audits and working with external auditors.
Information Security Experience:
- Experience in developing information security practices, policies, and procedures.
- Experience in conducting risk assessment and end-to-end risk management practices.
- Knowledge of third-party risk management practices (TPRM).
- Experience in conducting Privacy Impact Assessments, Business Impact Analysis and developing Business Continuity Plans.
- Understanding of cybersecurity threats and mitigation strategies.
Project Management Experience:
- Strong project management skills, with experience leading cross-functional projects, particularly in compliance and security certification initiatives.
- Ability to manage deadlines, coordinate with multiple stakeholders, and deliver projects on time.
Client Interaction and Support:
- Experience in client-facing roles, providing consultation, training, and support.
- Skills in translating complex compliance and security requirements into actionable advice for diverse audiences.
Software and Technology:
- Hands-on experience with GRC software platforms and tools preferred.
- Experience in conducting user testing and gathering feedback for software products.
Education:
- Bachelor's degree in computer science, information science, or similar.
Relevant Certifications: Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM).
Functional Areas: Software/Testing/Networking