GRC Analyst (IT Auditor)

GRC Analyst ( IT Auditor)

About the Role:

As a GRC Analyst (IT Auditor), you will play a crucial role in ensuring the company’s compliance with information security standards, policies, and regulations. You will be responsible for evaluating and assessing the effectiveness of the organization’s IT controls, identifying potential risks, and providing recommendations for improvement. Your expertise in IT auditing, risk assessment, and governance will contribute to maintaining a secure and compliant IT environment..

What You’ll Do:

• Utilize MS Word, Excel, and PowerPoint proficiently to accomplish tasks.
• Demonstrate excellent problem-solving and communication skills.
• Apply knowledge of information security governance, risk, and compliance.
• Understand and implement the ISO 27001 framework for audits and implementation, conduct third-party risk assessments, and ensure compliance with privacy regulations such as GDPR and other applicable laws.
• Possess a working knowledge of network infrastructure and cloud infrastructure, particularly AWS.
• Engage with multiple stakeholders to gain an understanding of specific requirements, both internal and external.
• Perform third-party risk assessments and conduct client due diligence.
• Participate in pre-sales and post-sales calls to address security and privacy concerns related to applications.
• Document policies, procedures, and other internal documents as required.
• Track and manage incidents, data subjects’ access requests, risks, VAPT (Vulnerability Assessment and Penetration Testing), and other relevant activities.
• Coordinate and manage multiple teams to ensure timely completion of key performance indicators.
• Lead projects for implementing security solutions.
• Follow up with vendors, clients, and internal teams on various activities, including VAPT, evidence sharing, and more.

What You'll Need:

• Bachelor’s degree in Information Technology, Computer Science, or a related field.
• Proven experience of 2-6 years in IT auditing, risk assessment, or governance roles.
• Relevant certifications, such as ISO 27001 (Lead Auditor/Lead Implementer), ISO 27701 (Lead Auditor/Lead Implementer), CEH (Certified Ethical Hacker), or similar credentials.

Experience: 2-6 years