inMorphis Services
inMorphis - GRC Consultant - IT Operations (5-7 yrs)
posted 2mon ago
Flexible timing
Key skills for the job
Skills required to perform the duty:
- 5 years of experience in more than one of the following disciplines: operational risk management, enterprise risk management, business continuity and disaster recovery, vendor management, audit management, corporate compliance, and policy management.
- Support implementation of GRC strategies
- Conduct risk assessments, identify and analyse potential risks to IT systems and operations, and recommend risk mitigation strategies that align with industry standards and best practices.
- Map organizational policies and procedures to relevant security standards and regulatory requirements
- Conduct periodic compliance assessments such as health checks to evaluate the organization's adherence to GRC frameworks and regulatory requirements.
- Provide actionable insights for improvement where necessary.
- Review and update company policies to ensure alignment with regulatory obligations and organizational objectives.
- Collaborate with stakeholders across the organization to manage GRC and information security related projects, track progress, and ensure timely delivery.
- Act as a point of contact and maintain clear communication throughout project lifecycles.
- Experience with Archer GRC solution will be considered an advantage.
- Ability to clearly articulate the power and value of the ServiceNow platform in terms familiar to a non-IT, GRC audience.
- Deep understanding of the configuration management database (CMDB) and IT Service Management (ITSM) processes, and their value/relevance to Security and GRC processes and solutions.
- Experience with ServiceNow GRC in a consulting or implementation position; ServiceNow CIS certification in GRC or SecOps is preferred (good to have).
- Experience working with a GRC system such as RSA Archer, ServiceNow GRC, Onspring, Lockpath, MetricStream or OpenPages (good to have).
- Understanding/knowledge of regulatory and industry frameworks and standards (e.g. 20 critical controls, CIS, PCI-DSS, ISO 27000, NIST 800, HIPAA, SOX, etc.).
- Practitioner experience working in a governance, risk, and compliance role, such as external auditor, control owner, audit manager, or internal audit.
- The following industry certifications are helpful, but not required: GRCP, GRCA, CGEIT, CRISC, or CISA.
- Highly motivated individual who is eager to succeed and become part of a rapidly growing company.
- Interpersonal, decision-making and excellent communication skills.
Functional Areas: Other