GRC Consultant

Bangalore
Full-Time
Senior: 7 to 10 years
Posted on Apr 17 2023

Not Accepting Applications

About the Job

Skills

GRC Consultants
ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA
SOC1, SOC2, SOX, strategic leadership
Certification CISA, CISSP, CRISC
5+ yrs External Audits with Big 4
5+ yrs exp in SOC1, SOC2, SOX 404 and regulatory compliance

Netsach, is currently looking for GRC Consultants with 5 to 12 years of experience in Bangalore. Candidates with experience in Client Due Diligence, Vendor Due Diligence/Third Party Risk Management, Issue Management, ISO 27001, SOC2, NIST, Internal audit, ITGC, and other related fields are encouraged to apply.

Job Title: GRC Consultant

Work experience: 5 to 12 years

No of Openings: 10+ Openings

Location: Bangalore

Job Description:

Essential Duties and responsibilities:

·        Participate in governance, risk and compliance-related assessments, policies and procedures, awareness and training for end users, change management, and internal control identification and measurement per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.

·        Lead risk methodology development and execution; maintain updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2 and SOX, in addition to other regulatory or industry requirements such as HITRUST and GDPR, per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.

·        Work across matrixed business environments, both internal and external, on risk and compliance (audit) readiness for regulatory reviews, SOC1, SOC2, SOX, and other industry requirements such as HITRUST and GDPR.

·        Work with business units in a consulting role to assist in their understanding of internal controls and measurements in addressing strategic initiatives, business/client drivers and concerns, future audits and compliance requirements.

·        Lead/manage methodology development, updates and mapping of governance, risk and compliance (GRC) assessments for changing requirements/criteria related to SOC1, SOC2, SOX, strategic leadership initiatives, and other regulatory or industry requirements such as HITRUST and GDPR, per applicable guidelines and frameworks: ISO 27001:2005, NIST 800, NIST/CSF, PCI, GDPR, HITRUST and FISMA.

·        Lead governance, risk and compliance (GRC) liaison with internal and external audit resources, external customers and government regulators, domestic and international.

·        Actively support business units' requests for information on data security risk, technology risk, technical vendor relationship management, and product selection and design, within the authority and responsibility of GRC under an Enterprise Risk Management (ERM) model.

·        Promote a positive, entrepreneurial, consulting-oriented, performance-focused culture within governance, risk and compliance (GRC) that works effectively with stakeholders in the development and launch of services and programs that support compliance and company growth.

·        Work with divisional staff and representatives to develop long-term risk strategies, annual risk assessments, risk measurement metrics and tactical plans to reduce company risk exposure.

·        Support the coordination, tracking and reporting of divisional and business unit metrics and results, including data modelling, processing, calculation and transformation into meaningful risk metrics and reports.

Job Qualifications:

·        Bachelor's degree in Accounting, Computer Science, Risk Management, or equivalent years of experience.

·        Two certifications required; preferred certifications: Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC), Certified Information Systems Security Professional (CISSP), or equivalents.

·        5+ years of combined experience with consulting, external audit, in-house and outsourced internal audit, assurance services and contracts; Big 4 experience is required.

·        5+ years of hands-on combined experience with designing and implementing technology controls in diverse technology environments, including auditing, risk assessments and providing recommendations for remediation.

·        5+ years of hands-on combined experience, preferably in business process design, system integration, identity and access management, data privacy and protection, the system development life cycle (SDLC), vulnerability assessment, information technology security, incident response, vendor management, backup and recovery, and continuity planning.

·        5+ years in operational leadership roles, domestic and international; diverse industry experience preferred, including consulting services, financial services and banking, insurance and healthcare, and risk and compliance.

·        5+ years of audit experience with SOC1, SOC2, SOX 404 and regulatory compliance.

·        5+ years of combined hands-on operational experience in accounting, tax, payroll, human resources, information technology operations, information technology security, and risk management.

·        5+ years as a Subject Matter Expert (SME) working with industry frameworks including COSO, ISO, NIST 800-53, NIST/CSF, PCI, HITRUST, FISMA and GDPR.

·        Experience leading engagements, establishing budgets, developing work programs/plans, building relationships, mentoring staff, providing performance feedback, and monitoring workloads of team(s) while meeting stakeholder and client expectations.

·        Advanced written, verbal and presentation skills, including interactions with key stakeholders, internal and external executive management, and senior leaders.

·        Experienced in working in remote environments. Independent, motivated self-starter with the ability to analyze complex problems, think critically, solve problems, influence change and provide thought leadership.

·        Excellent interpersonal skills, including the ability to work across a highly matrixed organization, interacting, influencing and negotiating effectively with all levels of leadership and peers.

·        Experienced with vendor and managed security services, with the ability to identify continuous improvement opportunities that drive risk assessment effectiveness and efficiency.

Mandatory Skills: Just for your information, below is what we need to target for GRC:

Client Due Diligence, Vendor Due Diligence/Third Party Risk Management, Issue Management, ISO 27001, SOC2, NIST, Internal audit, ITGC etc.


About the company

Netsach - A CyberSecurity Company. Netsach, which means to soar to greater heights, is indeed scaling new heights under the leadership of Founder & CEO Mr John Prakash Jha and Co-Founder & COO Mrs Emily Jha. We have expertise in providing Security Audit services related to Infrastructure and Application/Web/Cloud/IoT Security and are currently working with CoE Cyber security.

Company Size

11-50 Employees

Headquarter

India