
Cyber Security Consultant GRC
Experience Level: Senior Level
Full Job Description
As a Cyber Security Consultant GRC at Choice TechLab in Pune, India, you will play a pivotal role in ensuring robust information security and compliance for our clients. Your responsibilities will include conducting IT General Controls (ITGC) testing, focusing on Access Management, Change Management, IT Operations, and Backup/DR procedures. You will support SEBI Cyber Security Framework (CSF) audits for market participants such as brokers, mutual funds, and exchanges, and assist in Vendor / Third-Party Risk Management audits by assessing governance, cybersecurity controls, and overall risk posture.
A key part of your role will involve performing ISO 27001:2022 gap assessments, risk assessments, internal audits, and developing essential documentation like the Statement of Applicability (SoA), Risk Register, and Policies. You will also guide organizations through ISO 27001 implementation, including ISMS documentation, control mapping, training, and readiness assessments. Furthermore, you will participate in vendor audits and third-party security assessments, reviewing Service Level Agreements (SLAs), SOC reports, and security controls.
Your duties extend to preparing comprehensive audit working papers, evidence logs, audit reports, and compliance dashboards. Effective communication of findings and actionable remediation recommendations to stakeholders is crucial, as is tracking the closure of open findings and conducting follow-up audits. Staying abreast of regulatory changes and evolving cybersecurity best practices is essential.
We are looking for candidates with a Bachelor's degree in Engineering, Computer Science, IT, Cybersecurity, or a related field, possessing at least 12 years of experience in IT audit, compliance, cybersecurity, or governance. A strong understanding of ITGC frameworks and internal audit processes is required, along with good knowledge of ISO 27001:2022 requirements, ISMS documentation, and risk management. Familiarity with the SEBI Cyber Security and Cyber Resilience Framework and/or RBI cyber security guidelines is preferred. Additional awareness of industry standards such as NIST CSF, COBIT, SOC 2, GDPR, and DPDP will be considered an added advantage. Excellent analytical, documentation, report writing, communication, and stakeholder management skills are essential for this role.
Preferred certifications, while not mandatory, include ISO 27001 Lead Auditor (LA) / Lead Implementer (LI), CISA / CISM (in progress or planned is acceptable), CEH / Security+, and COBIT Foundation / ITIL Foundation.
Company
Choice TechLab
Choice TechLab is a software development and consulting firm based in Pune, India. As a subsidiary of Choice International Limited, a diversified business enterprise established in 1993, the company l...