Description:
Lead GRC Consultant
Experience: 10+ Years
Location: Mumbai Lower Parel
Joining: Immediate Joiners Preferred
CTC: As per Industry Standards
Qualifications & Experience
Minimum Requirements:
- Experience: 10+ years in Information Security GRC, with at least 4 years in a leadership/managerial role.
- Mandatory Certifications: At least one of CISA, CISM, or CISSP.
- Technical Expertise: Hands-on experience implementing or auditing RBI, SEBI, and ISO 27001 frameworks.
- Education: Bachelor's degree in IT, Computer Science, or a related field.
Preferred Qualifications:
- Prior experience in Big 4 consulting or specialized boutique cyber security firms.
- Privacy Certifications: CIPP/E, CIPM, or CDPO (specifically for DPDP Act implementation).
- Advanced Risk: CRISC certification.
- Education: MBA or Master's in Information Security Management.
Role Summary
The Lead GRC Consultant will be responsible for overseeing the delivery of Audit, Risk, Compliance, and Privacy consulting services. This role involves managing enterprise-level engagements, ensuring regulatory alignment for clients, and providing expert advisory on complex security frameworks. The Lead will also be responsible for team leadership, methodology design, and maintaining high-quality delivery standards.
Key Responsibilities
1. Engagement & Portfolio Management
- Oversee the end-to-end delivery of GRC consulting projects (Audit, Compliance, and Privacy).
- Align security and regulatory programs with client business objectives and risk appetite.
- Develop long-term risk management and regulatory transformation roadmaps for clients.
2. Regulatory Advisory
- Provide expert interpretation of Indian and global regulations, including:
  - RBI Cyber Security Frameworks (Banks & NBFCs)
  - SEBI Cyber & IT Guidelines
  - DPDP Act, CERT-In Directions, and NIST Framework
  - ISO 27001:2022
- Formulate defensible compliance positions and advisory reports for regulatory submission.
3. Executive Stakeholder Management
- Act as the primary point of contact for CXOs, CISOs, and Risk Heads.
- Translate technical audit findings into operational and financial risk language for board-level reporting.
- Assist clients in securing approvals for security investments and compliance initiatives.
4. Quality Governance
- Act as the final authority for technical review and quality assurance of all client deliverables.
- Manage escalations related to project delivery and regulatory risks.
- Ensure all audit reports and attestations meet industry and regulatory benchmarks.
5. Practice Development
- Define GRC delivery methodologies, operating models, and standardized templates.
- Lead recruitment efforts for senior and niche domain roles within the GRC practice.
- Mentor team members and define competency frameworks and career paths.