Reporting Structure

The role is part of the Cyber Security awareness and assessment program

Job Description

We are looking for a highly motivated Associate - Cyber Security (GRC) to support our organization's governance, risk, and compliance initiatives. The ideal candidate will have a foundational understanding of cybersecurity principles, strong analytical skills, and a keen interest in risk assessment and regulatory compliance.

Education

Bachelor's degree in IT/computer science or related field 

Experience

2 - 4 years of overall experience in Information Security/GRC.

Preferred Industry

BFSI, Information Technology, ITES Sector, Telecom Services

Responsibility

1.    Assist in developing, implementing, and maintaining the organization's cybersecurity GRC framework.

2.    Conduct security assessments and evaluate risk posture in alignment with industry standards.

3.    Support phishing simulation campaigns and cybersecurity awareness initiatives.

4.    Develop articles, newsletters, training materials, and security guides to enhance user awareness.

5.    Collaborate with internal teams to improve security compliance and policy implementation.

6.    Assist in the maintenance and enhancement of cybersecurity policies, procedures, and frameworks.

7.    Perform internal audits to assess compliance with ISO 27001, CIS Benchmarks, and NIST CSF.

8.    Help configure workflows and automate GRC processes to improve efficiency.

9.    Provide technical assistance and security recommendations to stakeholders.

10.Stay updated on emerging cybersecurity regulations and suggest necessary policy revisions.

  Skills and Qualifications

1.    Strong IT/Computer Science background with proven experience in cybersecurity training and communications.

2.    In-depth understanding of cybersecurity concepts, threats, and best practices, with the ability to create user-friendly technical content.

3.    Proficiency in designing and delivering effective cybersecurity training programs, workshops, and awareness sessions.

4.    Hands-on experience with governance frameworks, risk management, and compliance standards, including ISO 27001:2022, CIS Benchmarking, and NIST CSF.

5.    Strong written and verbal communication skills for crafting security policies, articles, newsletters, and user guides.

6.    Understanding of Security Operations Center (SOC) incident management processes and best practices.

7.    Ability to prepare and deliver cybersecurity presentations that align with organizational risk and compliance strategies.

8.    Knowledge of security testing methodologies, ethical hacking principles, and penetration testing tools based on OWASP guidelines.

9.    Familiarity with GRC system design, workflow configuration, and automation processes for efficient governance.

10.Ability to collaborate with cross-functional teams and provide cybersecurity technical assistance to stakeholders.

11.  Capability to work both independently and as part of a team in managing security awareness initiatives and compliance projects.