Principal Consultant - GRC

Karachi, Sindh, Pakistan

Inbox is looking for an experienced and highly skilled Principal Consultant in Governance, Risk, and Compliance (GRC) to join our team. This leadership role will be responsible for conducting comprehensive IT governance assessments, managing risk assessment processes, and driving the implementation of GRC strategies. You will be expected to deliver strategic guidance to clients, ensuring they achieve regulatory compliance, mitigate risks, and align IT with business goals. This role also involves mentoring junior consultants and collaborating across various departments to strengthen organizational GRC capabilities.

Key Responsibilities:

  • IT Governance Maturity Assessments: Conduct comprehensive assessments of IT governance maturity, identifying gaps and areas for improvement. Recommend and implement best practices to align IT processes with business objectives.
  • Risk Management Oversight: Oversee risk assessment and management processes, including the identification, analysis, and prioritization of risks across the organization. Ensure risks are mitigated in alignment with industry standards and best practices.
  • GRC Strategy and Frameworks: Develop, implement, and manage Governance, Risk, and Compliance (GRC) strategies and frameworks, ensuring they align IT systems with business goals and regulatory requirements.
  • Regulatory Compliance and Cybersecurity: Advise clients on regulatory compliance matters, focusing on data protection, cybersecurity controls, and best practices. Ensure alignment with standards such as ISO 27001, COBIT, NIST, and GDPR.
  • Policy Development and Enhancement: Lead the development and enhancement of GRC policies, procedures, and controls to ensure compliance and mitigate operational, regulatory, and cybersecurity risks.
  • Audits and Gap Analyses: Conduct gap analyses, audits, and control assessments to identify weaknesses and inefficiencies. Provide detailed reports and actionable recommendations to improve compliance and risk management processes.
  • Stakeholder Engagement: Facilitate stakeholder workshops and training sessions to raise awareness of GRC best practices, policy requirements, and compliance obligations.
  • Mentorship and Team Leadership: Mentor and guide junior consultants, fostering knowledge-sharing and supporting professional growth within the team. Strengthen team capabilities and ensure high-quality delivery of services.
  • Cross-Functional Collaboration: Work closely with cross-functional teams, including IT, legal, finance, and HR, to ensure the effective implementation of GRC frameworks across the organization.
  • Industry Awareness: Stay updated on the latest trends in IT governance, risk management, regulatory changes, and technological advancements. Incorporate emerging best practices into client strategies and service offerings.

Requirements

  • Bachelor’s degree in Computer Science, Information Security, Business Administration, or a related field.
  • 8+ years of experience in GRC, with a proven track record in IT governance, risk management, and compliance consulting.
  • Strong experience in conducting IT governance assessments, risk management, and regulatory compliance, specifically with ISO 27001, COBIT, NIST, GDPR, and other relevant frameworks.
  • Expertise in developing and managing GRC strategies, frameworks, and policies.
  • Strong analytical skills to assess risks, identify gaps, and recommend improvements.
  • Excellent communication and interpersonal skills for client interactions, workshops, and training sessions.
  • Strong leadership and mentoring capabilities.
  • Ability to collaborate effectively across departments and with senior stakeholders.
  • Familiarity with the latest developments in IT governance, cybersecurity, and regulatory trends.
  • Relevant certifications such as CISA, CISM, ISO 27001, or COBIT are a plus.

Tags: Audits CISA CISM COBIT Compliance Computer Science Finance GDPR Governance ISO 27001 NIST Risk assessment Risk management Strategy

Region: Asia/Pacific
Country: Pakistan
