GRC Specialist_P1/Cybersecurity

Job Summary:

The GRC Specialist is responsible for supporting the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in alignment with ISO 27001 standards and the DPDP Act. This role involves conducting risk assessments, monitoring compliance, and supporting internal and external audits. The specialist ensures the effectiveness of security controls, maintains documentation, and collaborates with cross-functional teams to address vulnerabilities and mitigate risks. Additionally, the role includes developing security policies, providing training to promote security awareness, and staying updated on regulatory requirements.

Job Purpose:

The GRC Specialist is responsible for supporting the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) in alignment with ISO 27001 standards and the DPDP Act. This role involves conducting risk assessments, monitoring compliance, and supporting internal and external audits. The specialist ensures the effectiveness of security controls, maintains documentation, and collaborates with cross-functional teams to address vulnerabilities and mitigate risks. Additionally, the role includes developing security policies, providing training to promote security awareness, and staying updated on regulatory requirements. Strong analytical, communication, and problem-solving skills are essential for success in this position.

Job Responsibilities:

• Administrative / Co-Ordination - 1.Monitor compliance with ISO 27001, ensuring controls are in place and effective. Conduct regular assessments for regulatory, contractual, and internal security requirements. 2.Coordinate internal audits, provide support for external audits, prepare documentation, and gather evidence. 3.Maintain and update ISMS documentation, policies, procedures, security controls, risk assessments, and audit records. 4.Coordinate and support the delivery of security awareness and training programs related to ISO 27001 standards.
• Execution / Implementation - 1.Assist with the development, implementation, and continuous improvement of the ISMS in alignment with ISO 27001 standards. 2.Support incident response processes, including crisis management plan preparation, logging, analysis, resolution of incidents, and root cause analysis. 3.Identify, assess, and prioritize security risks, and assist in developing and implementing risk mitigation strategies.
• People Related - 1.Foster a culture of security awareness by delivering training programs and providing guidance on security practices. 2.Work closely with cross-functional teams to address vulnerabilities, ensure compliance, and implement risk treatment plans.
• Strategic - 1.Identify opportunities to enhance the ISMS framework and suggest improvements to policies, processes, and tools. 2.Contribute to the strategic planning of risk mitigation and security control enhancements to align with the organization’s long-term objectives. 3. Develop and implement corrective actions to prevent the recurrence of incidents, aligning with broader organizational goals.

Skills: