
GRC Consultant

Fluidech

10 - 12 years

Noida

Posted: 20/02/2026


Job Description

Title: GRC Consultant (ISMS, BCMS, ITSM & Cyber Resilience)

Duration: 06+ Months (possible extension)

Location: Noida, Uttar Pradesh, India


Duties and Responsibilities:

  • Lead and execute the enterprise Governance, Risk, and Compliance (GRC) program aligned with ISO 27001 (ISMS), ISO 22301 (BCMS), and ISO 20000 (ITSM).
  • Serve as the primary internal GRC and compliance point of contact for CLIENTS and coordinate with external auditors, consultants, and regulators.
  • Drive ISMS lifecycle activities, including scope definition, risk assessment, Statement of Applicability, control implementation, and continuous monitoring.
  • Establish and maintain an integrated cyber resilience and business continuity framework, ensuring alignment between security, disaster recovery, and operational continuity.
  • Lead Business Impact Analysis (BIA), risk assessments, BC/DR strategy, and testing exercises to ensure recovery readiness.
  • Govern and enhance IT Service Management processes in alignment with ISO 20000 and ITIL best practices, including incident, problem, change, and service-level management.
  • Conduct enterprise risk assessments, maintain the risk register, and track remediation through defined KRIs, KPIs, and risk treatment plans.
  • Develop, review, and maintain information security, business continuity, and ITSM policies, standards, and procedures.
  • Plan and execute internal audits, control assessments, and compliance reviews across IT, cloud, OT (if applicable), and business functions.
  • Coordinate external certification and surveillance audits for ISO 27001, 22301, and 20000, including evidence readiness and closure of non-conformities.
  • Ensure alignment with regulatory and contractual compliance obligations, including privacy and data protection requirements where applicable.
  • Deliver executive dashboards, compliance scorecards, and governance reports with metrics for IT and cybersecurity to senior leadership and risk committees.
  • Facilitate security and continuity awareness programs, tabletop exercises, and stakeholder training.
  • Conduct third-party risk management and supplier assurance audits in line with the established ISO and enterprise risk frameworks.
  • Drive continuous improvement initiatives to enhance compliance maturity, cyber resilience, and service governance effectiveness.
  • Support technology and transformation programs with risk reviews, control design, and compliance validation before production deployment.
  • Participate in cyber maturity assessments (ISO maturity, NIST CSF alignment, resilience benchmarking) and drive closure of identified gaps.
  • Ensure documentation, evidence repositories, and audit trails are maintained for sustained certification readiness.
  • Collaborate with SOC, infrastructure, cloud, privacy, and business teams to ensure holistic risk and resilience governance.
  • Manage GRC-related projects, remediation programs, and control automation initiatives to improve efficiency and assurance.
  • Prepare and present a Weekly Status Report with KPIs and KRIs every week. Sections to include: progress vs roadmap, risks and issues, compliance posture snapshot, metrics (KRIs/KPIs, closure %), decisions required, and plan for next week.
  • Conduct extensive process-level internal audits for ISMS, BCMS and ITSM, present the audit report, and drive closure of the gaps.
  • Drive BC/DR exercises, review their reports, and execute improvements for the IT landscape.
  • Review and update all required policies and process documents (existing and new) for ISMS, BCMS and ITSM, aligned to the CLIENTS environment.
  • Conduct monthly assurance reviews for the major managed services (IT Infra, IT-Apps and SOC).
  • Conduct the monthly Quality review and Risk review and the weekly VA (vulnerability assessment) review, and drive closure of findings.
  • Conduct risk assessments for all IT assets as per the ISMS, BCMS and ITSM standards.
  • Conduct BIA and identify crown-jewel assets for CLIENTS; define security and resiliency requirements for the crown jewels.
  • Review, maintain and track security exceptions (business need, technology limitations, or policy exceptions) monthly.
  • Review all new projects and solutions in CLIENTS from a cyber-security secure-by-design and compliance point of view: provide cyber clearance, document the final approved solution and any risk or exception identified, and ensure the agreed controls are implemented in the solution during and after deployment and production go-live.
  • Apply experience or knowledge of SAP GRC and auditing where required.


QUALIFICATIONS & EXPERIENCE:


Qualifications:

  • The candidate must hold a graduate engineering degree in Engineering, Computer Science, Information Security, or a related field.
  • Relevant information security and governance certifications (e.g., CEH, CISSP, CISM, CCSK, ISO 27001/22301/20000 LA/LI, ITIL, etc.) preferred.


Experience:

  • 8 to 10 years of experience in GRC, Information Security, Risk, Compliance, or IT governance roles.
  • Hands-on experience implementing or managing ISO 27001, ISO 22301, and ISO 20000 programs and audits.
  • Strong understanding of enterprise risk management, control frameworks, and cyber resilience principles.
  • Experience conducting risk assessments, BIA, DR testing, intensive internal audits, and remediation management.
  • Familiarity with global frameworks such as NIST CSF, CIS Controls, COBIT, and ISO standards.
  • Working knowledge of cloud, infrastructure, application, and OT risk considerations for control implementation and audit.
  • Experience with GRC tools, compliance dashboards, and audit evidence management.
  • Ability to operate in fast-paced environments, managing multiple compliance and audit timelines.
  • Strong stakeholder management, governance reporting, and communication skills.
  • Understanding of IT Service Management aligned to ISO 20000 / ITIL.
  • Excellent communication skills, with the ability to collaborate effectively across departments and levels of the organisation.
