GRC Consultant with CRISC certification
Duration: 6 Months (Extendable)
PRIMARY DUTIES & RESPONSIBLITIES:
- Develop and participate in implementation of ISO 27001:2013 initiatives
- Implement and drive activities related to technology risk reduction, governance and compliance to policies and external regulatory compliance.
- Evaluate IT risks and develop risk mitigation strategies, and corrective actions.
- Provide recommendations to improve organizational security posture through process improvement, policy automation and continuous evolution of capabilities.
- Document and report on security gaps and provide remediation guidance, prepare management reports, track remediation activities.
- Conduct risk and exception assessments by assessing multiple inputs from internal/external sources
- Conduct due diligence assessments on third party vendors using supply chain risk management practices.
- Implement effective processes within the GRC function to automate and continuously monitor information security controls, exceptions, risks reporting metrics, dashboards and evidence artifacts.
- Interviewing various stakeholders across the organization to determine security controls implementation and effectiveness by collecting and analyzing evidence and documenting findings and tracking to closure.
KEY SKILLS
- Ability to conduct risk assessments on IT systems
- Deep Knowledge of risk assessment methodologies, cyber security operations and InfoSec business processes
- Experience of working on GRC technology enabled risk and compliance transformation programs required
- Advanced proficiency in MS Office suite specifically Excel
- Knowledge of Security best practice, methodologies, systems and third party providers
- Proficiency in the English language,
Requirements
EXPERIENCE
- Minimum 8-12 years of experience in Governance Risk and Compliance (InfoSec)
- CRISC certification
- Experience in the UAE or Middle East is desirable
- Experience in deployment of GRC tools for a large enterprise
- Experience implementing security controls such as ISO 27002, UAE IA, NIST controls
- Proficient in conducting IT risk assessment
EDUCATION
- Degree level qualification, preferably Bachelors or comparable, with strong emphasis in Management Information Systems (MIS), Computer Science, Governance, or a related field
EXPERIENCE Minimum 8-12 years of experience in Governance Risk and Compliance (InfoSec) CRISC certification Experience in the UAE or Middle East is desirable Experience in deployment of GRC tools for a large enterprise Experience implementing security controls such as ISO 27002, UAE IA, NIST controls Proficient in conducting IT risk assessment EDUCATION Degree level qualification, preferably Bachelors or comparable, with strong emphasis in Management Information Systems (MIS), Computer Science, Governance, or a related field