GRC Analyst- Risk and Compliance

Valuementor

  • Posted: 5 months, 21 days ago
  • Job id: 67879d94a39b5fef0efe1dca
  • Experience: 0 - 1 years
  • Salary: Not disclosed

Valuementor, Thrissur, Kerala

As a GRC Analyst, you will support the customer organization’s governance, risk, and compliance initiatives, helping maintain a secure and compliant environment. Working closely with cross-functional teams, you will assist in ensuring compliance with industry standards and the development of risk management frameworks.

Skills
  • Customer relationship management
  • Relationship building
  • Writing Skills
  • Documentation
  • Presentation Skills
Requirements
  • Job Role: GRC Analyst- Risk and Compliance
  • Job Type: Full Time
  • Workplace Type: Onsite
  • Industry: Computer and Network Security

Responsibilities

• Support the implementation and maintenance of ISO 27001:2022 standards by assisting in ensuring
compliance with security controls and helping prepare for internal and external audits.
• Assist in conducting internal audits and security assessments, gathering and validating evidence to
ensure compliance with regulatory requirements.
• Collaborate with senior team members during external compliance assessments and audits, providing
support in audit preparation, evidence collection, and report generation.
• Identify and document security risks, help to assess their impact on the organization, and support the
development of risk mitigation strategies.
• Contribute to the development and updating of information security policies, procedures, and related
documentation, ensuring alignment with ISO 27001 and other regulatory frameworks.
• Participate in the monitoring and review of security controls, supporting efforts to enhance their
effectiveness and alignment with business objectives.
• Provide analysis and reporting on the performance of security controls, helping identify areas for
improvement and supporting the implementation of corrective actions.
• Gather and validate technical evidence for compliance reviews and audits, ensuring thorough and
accurate documentation is maintained.
• Assist in the preparation of detailed reports, summarizing audit findings, risk assessments, and policy
updates for leadership review.
• Communicate security and compliance requirements clearly and effectively to team members and
stakeholders, ensuring understanding and alignment across the organization.
• Collaborate with cross-functional teams to ensure that GRC activities integrate seamlessly with broader
business processes and goals.
• Maintain accountability for assigned tasks, ensuring deadlines are met and deliverables are completed
with attention to detail.
• Ensure a customer-centric approach, understanding client and stakeholder needs while delivering
solutions that add value.
• Demonstrate a proactive attitude toward learning and development, continually seeking to improve
knowledge and skills in GRC and information security practices.

Deliverables and Outcomes:

• Help build and maintain strong customer relationships, ensuring their business goals and objectives are
met and incorporated in the security program.
• Successfully complete project tasks on time.
• Enable customers to comply with their regional IS regulations and keep customers informed of emerging
cybersecurity threats.
• Support the identification, assessment, and enhancement of customer environment security controls to
meet industry-standard benchmarks.
• Develop, document, and communicate comprehensive Information Security framework policies and
procedures.
• Continuously monitor adherence to legal and regulatory requirements.
• Help define customer risk appetite, perform risk assessments, and assist in implementation of Risk
Treatment Plans.

Other Requirements

• Customer relationship management and relationship building
• Knowledge of ISO 27001:2022 standard clauses and ISO 27002 Annexure Control guidance
• Understanding of information security principles (CIA) and their application to information system
security
• Technical know-how (based on ISO 27002 Annex guidelines) for evidence validation as part of security
assessments and assurance audits (internal & certification audits)
• Creating elaborate reports and presentations on security assessment/audit findings and observations
• Writing and documenting organization-level security policies, processes and procedures in collaboration
with multiple stakeholders

About the Company

ValueMentor is a full-fledged Cyber Security Partner helping organizations worldwide to effortlessly manage cyber risks. We offer Risk & Compliance Services, Security Testing & Managed Security Services.
