GRC Analyst_P1/Cybersecurity

Job Summary:

The GRC Analyst is responsible for supporting the implementation and ongoing maintenance of the Information Security Management System (ISMS) in alignment with ISO 27001 standards and the Data Protection and Privacy (DPDP) Act. This role involves assisting in risk management processes, ensuring compliance with information security policies, and monitoring the effectiveness of security controls. The analyst will also assist in internal audits, support the preparation for external audits, and work closely with other departments to ensure adherence to security standards. Strong attention to detail, knowledge of GRC frameworks, and regulatory requirements are key for success in this role.

Job Purpose:

The GRC Analyst is responsible for supporting the implementation and ongoing maintenance of the Information Security Management System (ISMS) in alignment with ISO 27001 standards and the Data Protection and Privacy (DPDP) Act. This role involves assisting in risk management processes, ensuring compliance with information security policies, and monitoring the effectiveness of security controls. The analyst will also assist in internal audits, support the preparation for external audits, and work closely with other departments to ensure adherence to security standards. Strong attention to detail, knowledge of GRC frameworks, and regulatory requirements are key for success in this role.

Job Responsibilities:

• Administrative / Co-Ordination - 1.Audit Preparation and Support: Coordinate internal audits, provide support for external ISO 27001 audits, prepare documentation, assist with gathering evidence, and address findings to ensure timely closure of audit actions. 2.Documentation Management: Maintain and update relevant ISMS documentation, policies, and procedures. Ensure that security controls, risk assessments, and audit records are accurately documented and up-to-date. 3.Incident Response and Remediation: Support incident response processes, prepare crisis management plans, and ensure incidents are logged, analyzed, and resolved.
• Execution / Implementation - 1.ISMS Implementation Support: Assist with the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in alignment with ISO 27001 standards. 2.Compliance Monitoring: Monitor compliance with ISO 27001, ensuring that controls are in place and operating effectively across the organization. Conduct regular assessments to ensure adherence to regulatory, contractual, and internal security requirements. 3.Risk Management: Collaborate with cross-functional teams to identify, assess, and prioritize security risks. Assist in developing risk mitigation strategies and tracking the progress of risk treatment plans.
• People Related - Support the delivery of security awareness and training programs related to ISO 27001 standards. Foster a culture of security awareness across the organization.
• Strategic - Proactively identify opportunities to enhance the ISMS framework, suggesting improvements to policies, processes, and tools to ensure they are efficient and effective.

Skills: