Grc Consultant

Responsibilities:

• Conduct risk assessments and compliance evaluations across IT systems, cloud environments, and business processes.
• Implement, monitor, and enhance governance, risk, and compliance frameworks to support organizational security posture.
• Perform internal audits aligned with regulatory and industry standards such as ISO 27001, HIPAA, GDPR, NIST, and SOC2.
• Develop, review, and maintain security policies, standard operating procedures, and related documentation.
• Support security awareness initiatives and assist in preparing compliance reports for internal and external stakeholders.
• Collaborate with cross-functional teams to identify security gaps, define risks, and recommend remediation actions.
• Coordinate and assist with external audits, certification activities, and evidence collection.
• Monitor compliance dashboards, audit logs, and maintain audit and risk-related evidence repositories.
• Work closely with cloud teams to assess and validate compliance controls on platforms such as AWS, Azure, or GCP.

Required Skills & Qualifications:

• 1–3 years of experience in GRC, information security, compliance, or risk management.
• Hands-on experience with at least one public cloud platform (AWS, Azure, or GCP).
• Strong understanding of standards and frameworks including ISO 27001, HIPAA, GDPR, NIST, and SOC2.
• Knowledge of security controls, vulnerability management practices, and data protection frameworks.
• Ability to prepare, organize, and manage documentation, audit evidence, and compliance records.
• Strong communication skills with the ability to coordinate with stakeholders and produce high-quality reports.