GRC Consultant

• Assist with the implementation, operation, support and maintenance of the Information Security Management System based on the ISO/IEC 27000 series standards.

• Assist with the preparation and the implementation of information security policies, processes and standards in conjunction with the Information Security team for clients.

• Support compliance monitoring and improvement activities to ensure compliance with internal security policies and ISO 27001 for clients.

• Provide technical and procedural support to division organizations in their implementation of information security management systems.

• Participate in ISO27001 training and educational activities.

• Support information security risk assessments and controls selection activities.

• Participate in other information security activities and projects.

• Lead and manage compliance initiatives including ISO27001/ISO27799.

• Work with our Client management to formulate security/compliance policies.

• Work with management to ensure the company complies with reporting requirements.

• Plan and manage external audits.

• Plan and conduct periodic internal audits/assessments to ensure that privacy, security and compliance requirements are met.

Skills:

• Experience in developing, implementing, and managing complex security programs that reduceoperational risk.

• Understand the importance of being flexible, creative, and resourceful in order to design an
  information security program that addresses the specific business challenges of an innovative, fast-growing company.

• Know how to interact and communicate across the organization, using your domain knowledgeand acumen to inspire confidence and trust amongst both technology and business leaders.

• Clear understanding of relevant information security governance, technical and security standards and regulations.

• Experience with industry security standards including NIST Cybersecurity Framework, ISO 27001/27799 and ISO 27018 as well as current data privacy regulations.

• Good technical writing, documentation and communication skills.

• Strong technical understanding and aptitude for analytical problem-solving.