Expired

A GRC Consultant is urgently required for one of our clients, a company specialized in the cyber security industry and located in Elshaikh Zayed, with the following requirements:
Support vendor risk management engagements and formalized risk analysis engagements.
Support and guide information risk and security discussions with technical and non-technical groups.
Identify enterprise information security and compliance-related problems and challenges; research and develop technical solutions to rectify them.
Assist with documenting enterprise information security programs and related components.
Core Consulting Skills:
Demonstrated communication and presentation skills
Effective written skills
Ability to research and develop new security offerings
Comfortable working in a project-based / client serving model
Ability to lead and shape client expectations
Security Domain Knowledge:
Evaluate information security risk for business environment controls and industry requirements
Must be able to assess clients against a wide variety of security and compliance frameworks (ISO 27001, COBIT, PCI, ITIL, NIST, etc.).
Security policy, process, procedures, and standards development.
Develop security and compliance dashboards and KPIs.
Required Technical and Professional Expertise:
Bachelor’s degree in Information Technology or related field, or four or more years of work experience.
3 – 5 years' experience in Information Security and/or Information Risk Management and/or Information Technology
1 – 3 years' experience within Information Security Governance, Risk and/or Compliance functions and activities
1 – 3 years' experience developing, communicating and presenting Information Security and Risk Management concepts to varying audiences
Experience in security governance, risk assessments and regulatory/controls.
Experience with the security and privacy controls environment, regulatory landscape and risk management techniques, principles and practices.
Experience with the development and implementation of information security policies, standards and related procedures for security programs.
CISM or CISA certification.
Familiarity with technologies such as Intrusion Prevention Systems (IPS), firewalls, endpoint protection, web/email filtering, Data Loss Prevention (DLP), digital rights management, encryption, Security Event and Incident Management (SEIM), and virtualization platforms.
Preferred Technical and Professional Experience:
5 – 7 years' experience in Information Security and/or Information Risk Management and/or Information Technology
Strong analytical experience
Understanding of, and experience with, available Governance, Risk and Compliance (GRC) tools such as ARCHER
Ability to assess clients against a wide variety of security and compliance frameworks including State-based privacy and security regulations, SOX, GDPR, NIST-CSF, ISO 27001/2.
2 – 5 years' experience in the same position.

  • The application period for this job has ended.