GRC Consultant


Job description

  • 5-9 years of experience in the design and implementation of GRC, ISO 27002, SOC1 and SOC 2 security controls; Big Four experience preferred.
  • Reviewing information security policies and procedures, identifying gaps, and consolidating information security policies and procedures into group policy.
  • Should have good experience in performing risk assessments, creating and maintaining risk registers, liaising with risk officers and getting the risk register updated with remediation steps.
  • Managed IT attestation and assurance engagements for global clients, including client-specific as well as generic reports, for performing diagnostic review (SOC2 Type 2) and Type 2 examinations of SOC1 (ISAE 3402/SSAE 16/SSAE 18). Also have knowledge of Type 1 SOC1 and SOC2 (ISAE 3000) engagements.
  • Led and managed Information Security and IT General Controls audits.
      • Tested IT general controls, including Access to Program Data (APD), Program Changes (PC), Program Development (PD) and Computer Operations (CO).
  • Have knowledge of areas such as Incident Management, Batch Job processing, Backup and Restoration. Have tested System Interface controls.
  • ISO 27001 Certification a Must
  • 5 years of experience in risk management
  • Should have a good understanding of IT risk management frameworks like COSO, COBIT, NIST 800 series, ISO 27001, ISO 31000, NIST CST
  • Should have a good understanding of regulatory compliance requirements such as SOX, GDPR, SSAE18/ISAE3202, PCI-DSS, FISMA, HIPAA, and HITRUST, RBI Cybersecurity requirements, IT Act 2000.
  • Should have a good understanding of data protection and privacy laws in various countries like US, UK, Europe, APAC (Singapore, Australia, and India).
  • Should have implemented GRC solutions like ServiceNow GRC, Archer, MetricStream, LogicManager, Oracle GRC, SAS GRC solutions.
  • Should have experience working on and responding to RFI/RFP requirements for global customers, writing SOWs, and effort estimation.
  • Skills Required: GRC, SOC1, SOC2, SOX, SSAE

Role: System Security

Industry Type: IT-Software, Software Services

Functional Area: IT Software - Other

Employment Type: Full Time, Permanent

Role Category: Admin/Maintenance/Security/Datawarehousing

Education

UG: Any Graduate in Any Specialization

PG: Post Graduation Not Required

Key Skills

SAS, Cobit, Information security, SOC, ISO 27001, HIPAA, Incident management, Oracle, RFP, Auditing