GRC Analyst (Risk and Compliance)

As a GRC Analyst, you will support the customer organizations governance, risk, and compliance initiatives, helping maintain a secure and compliant environment. Working closely with cross-functional teams, you will assist in ensuring compliance with industry standards and the development of risk management frameworks:

Key Responsibilities

As a GRC Analyst, you will support the customer organizations governance, risk, and compliance initiatives, helping maintain a secure and compliant environment. Working closely with cross-functional teams, you will assist in ensuring compliance with industry standards and the development of risk management frameworks:

• Support the implementation and maintenance of ISO 27001:2022 standards by assisting in ensuring compliance with security controls and helping prepare for internal and external audits.
• Assist in conducting internal audits and security assessments, gathering and validating evidence to ensure compliance with regulatory requirements.
• Collaborate with senior team members during external compliance assessments and audits, providing support in audit preparation, evidence collection, and report generation.
• Identify and document security risks, help to assess their impact on the organization, and support the development of risk mitigation strategies.
• Contribute to the development and updating of information security policies, procedures, and related documentation, ensuring alignment with ISO 27001 and other regulatory frameworks.
• Participate in the monitoring and review of security controls, supporting efforts to enhance their effectiveness and alignment with business objectives.
• Provide analysis and reporting on the performance of security controls, helping identify areas for improvement and supporting the implementation of corrective actions.
• Gather and validate technical evidence for compliance reviews and audits, ensuring thorough and accurate documentation is maintained.
• Assist in the preparation of detailed reports, summarizing audit findings, risk assessments, and policy updates for leadership review.
• Communicate security and compliance requirements clearly and effectively to team members and stakeholders, ensuring understanding and alignment across the organization.
• Collaborate with cross-functional teams to ensure that GRC activities integrate seamlessly with broader business processes and goals.
• Maintain accountability for assigned tasks, ensuring deadlines are met and deliverables are completed with attention to detail.
• Ensure a customer-centric approach, understanding client and stakeholder needs while delivering solutions that add value.
• Demonstrate a proactive attitude toward learning and development, continually seeking to improve knowledge and skills in GRC and information security practices.

Deliverables and Outcomes

• Help build and maintain strong customer relationships, ensuring their business goals and objectives are met and incorporated in the security program.
• Successfully complete project tasks on time.
• Enable customers to comply with their regional IS regulations and keep customers informed of emerging cybersecurity threats.
• Support in Identification, assessment, and enhancement of customer environment security controls to meet industry standard benchmarks.
• Develop, document, and communicate comprehensive Information Security framework policies and procedures.
• Continuously monitor adherence to legal and regulatory requirements.
• Help define customer risk appetite, perform risk assessments, and assist in implementation of Risk Treatment Plans.

Key Skills

• Customer relationship management and relationship building
• Knowledge on ISO 27001:2022 standard clauses and ISO 27002 Annexure Control guidance
• Understanding about information security principles (CIA) and its application on information system security
• Technical know-how (based on ISO 27002 Annex guidelines) for evidences validation as part of Security Assessments and assurance audits (internal & certification audits)
• Creating elaborate reports and presentations about Security assessments/audits findings/observations
• Writing/ Documentation of organization level security policies, processes and procedures in collaboration with multiple stakeholders

Competencies

• Analysis Skills
• Customer Focus
• Communications- Oral & written
• Energy/Passion
• Problem Solving Skills