GRC Consultant

Tsaaro Consulting

As a GRC Consultant, you ll work closely with clients and internal teams to assess risks, implement controls, enhance compliance, and ensure organizations meet regulatory and industry standards.

Key Responsibilities

• Conduct governance, risk, and compliance assessments across various standards and regulatory frameworks.
• Assist organizations in implementing policies, procedures, and controls aligned with ISO standards (ISO 27001, ISO 27701, etc.).
• Perform risk assessments, gap analysis, and maturity evaluations for client environments.
• Support in building and implementing Information Security Management Systems (ISMS) and Privacy Information Management Systems (PIMS).
• Develop audit reports, documentation, and remediation plans based on assessment findings.
• Collaborate with technical and consulting teams to ensure effective implementation of compliance controls.
• Assist clients with regulatory requirements, including GDPR, DPDP Act, and global privacy/security regulations.
• Conduct internal audits, vendor risk assessments, and compliance checks to ensure continuous improvement.

Requirements

• Bachelor s degree in Information Security, Computer Science, Business, or a related field.
• Experience in governance, risk, and compliance roles ISMS, PIMS, audits, or regulatory implementations.
• Strong understanding of frameworks such as ISO 27001, ISO 27701, NIST, SOC 2, GDPR, DPDP Act, etc.
• Ability to conduct risk assessments, gap analysis, and control mapping.
• Strong analytical skills, report writing abilities, and attention to detail.
• Experience working with clients, stakeholders, or cross-functional teams.
• Ability to multitask, meet deadlines, and work in a fast-paced consulting environment.
• Professional certifications (ISO 27001 LA/LI, CIPP, CIPM, etc.) are a plus.