Senior Consultant-GRC

Karachi, Sindh, Pakistan


Inbox is looking for a highly skilled Senior Consultant in Governance, Risk, and Compliance (GRC) to support the development and execution of GRC and ISMS (Information Security Management System) frameworks. The ideal candidate will have a strong understanding of IT governance, risk management, and compliance standards, and will work closely with clients to implement best practices and ensure compliance with industry regulations.

Key Responsibilities:

  • Assist in the development and execution of Governance, Risk, and Compliance (GRC) and ISMS frameworks to align IT governance with business needs and regulatory requirements.
  • Conduct risk assessments to identify and analyze potential risks to IT operations and information security, ensuring appropriate mitigation strategies are in place.
  • Contribute to the development and implementation of security policies, procedures, and controls in line with industry standards such as ISO 27001, COBIT, and NIST.
  • Support compliance activities, including internal audits, gap analyses, and readiness assessments for ISO 27001 and other relevant standards.
  • Prepare detailed documentation, reports, and presentations on GRC and ISMS findings, controls, and recommendations for improvement.
  • Work closely with clients to ensure their understanding and adoption of best practices in IT governance, risk management, and information security.
  • Facilitate training sessions and awareness programs on information security best practices, compliance requirements, and the implementation of GRC/ISMS controls.
  • Track and monitor compliance with regulatory requirements, updating policies, procedures, and controls as needed to ensure ongoing adherence to standards.
  • Collaborate with cross-functional teams to ensure effective implementation of risk management, compliance measures, and IT governance practices.
  • Provide expert support in reviewing and enhancing client IT policies and procedures to ensure alignment with GRC and ISMS standards.

Requirements

  • Proven experience in GRC, ISMS, and risk management, particularly within IT governance frameworks.
  • Strong understanding of industry standards and frameworks, including ISO 27001, COBIT, and NIST.
  • Experience conducting risk assessments, audits, and compliance assessments.
  • In-depth knowledge of regulatory requirements and best practices for IT security and compliance.
  • Ability to prepare clear and concise documentation, reports, and presentations.
  • Strong problem-solving skills and the ability to offer practical recommendations for improvement.
  • Excellent communication skills, with fluency in English (both written and verbal).
  • Ability to make informed decisions, balancing business needs with risk management and compliance requirements.
  • Experience in facilitating training sessions and awareness programs related to information security and compliance.
  • Relevant certifications such as CISM, CISSP, ISO 27001 Lead Implementer, or equivalent.
  • Experience working with clients in diverse industries.
  • Ability to manage multiple projects and priorities simultaneously in a fast-paced environment.
  • Exceptional communication and interpersonal skills, with the ability to engage with stakeholders at all levels.
  • Strong decision-making abilities, offering thoughtful and balanced insights on complex compliance and risk issues.
  • Strong leadership and team collaboration skills.

Tags: Audits CISM CISSP COBIT Compliance Governance ISMS ISO 27001 NIST Risk assessment Risk management

Region: Asia/Pacific
Country: Pakistan
