GRC Analyst
VAYUZ Technologies
0 - 3 years
Noida, Agra
Posted: 16/05/2026
Job Description
Responsibilities
Conduct risk assessments and maintain the organizational risk register with defined risk appetite and tolerance thresholds.
Manage and maintain ISO 27001 Information Security Management System (ISMS); coordinate internal and external audits.
Support SOC 2 readiness, evidence collection, and audit liaison across Type I and Type II engagements.
Develop, review, and update information security policies, standards, and procedures aligned with regulatory and client requirements.
Perform third-party / vendor risk assessments and ensure supplier compliance with contractual security obligations.
Monitor key risk indicators (KRIs) and key performance indicators (KPIs); prepare executive-level risk reports and dashboards.
Support BCP/DR planning, tabletop exercises, and incident management activities.
Track audit findings, exceptions, and control deficiencies through to remediation closure.
Assist in security awareness training and compliance education across teams.
Qualifications:
ISO 27001 implementation & auditing
SOC 2 (Type I & II) readiness & audits
IT risk assessment methodologies
GRC platforms (RSA Archer, ServiceNow GRC, MetricStream or similar)
Security policy & control frameworks
Vendor / third-party risk management
Risk register management
ISMS documentation & gap analysis
