GRC Consultant

About the Position:

As a GRC Consultant, you will play a key role in delivering governance, risk, and compliance services to clients across multiple industries. You will support compliance initiatives, conduct risk assessments, and help organizations align their security programs with recognized standards and regulatory requirements.

Beyond client delivery, you will have the opportunity to help shape and improve our GRC services, contribute to process design, and participate in automating workflows and documentation. While the role is primarily GRC-focused, familiarity with IT systems or DevOps environments is important to ensure that recommendations are practical and aligned with real-world implementation.

You will work closely with technical security and infrastructure teams, bridging governance requirements with operational security practices.

Responsibilities

• Deliver GRC consulting services, including risk assessments, gap analyses, and compliance initiatives
• Support clients in aligning their security programs with standards and regulations such as ISO 27001, SOC 2, and privacy regulations
• Develop and review security policies, procedures, and governance controls
• Assist clients with audit preparation and ongoing compliance maintenance
• Drive project timelines, track progress, and ensure deliverables meet quality and scope expectations
• Collaborate with security and infrastructure teams to ensure recommendations are practical and achievable
• Contribute to the development of new services, methodologies, and automation of GRC workflows
• Provide clear, risk-based recommendations to technical and non-technical stakeholders
• Participate in client workshops, training sessions, and awareness activities

Qualifications:

• Around 1 year of experience in Governance, Risk and Compliance domains or related security roles
• Familiarity with ISO 27001, SOC 2, and privacy regulations
• General understanding of IT infrastructure, cloud environments, or DevOps workflows, sufficient to recommend practical security controls
• Strong analytical skills and attention to detail
• Excellent communication skills, with the ability to explain risk and compliance topics clearly
• DPO course or formal privacy-related training is an advantage