
GRC consultant (5+ yrs)

0 - 5 years

0 Lacs

Posted: 1 week ago | Platform: Indeed

Work Mode

On-site

Job Type

Full Time

Job Description

Job Title: GRC Senior Consultant

Location: Mumbai (fully on-site)

Job Type: Full-time

Department: Risk & Compliance / IT Security

Reports To: GRC Manager / Director

Job Summary

The GRC Senior Consultant will play a key role in designing, implementing, and managing governance, risk management, and compliance programs across organizations. This position requires deep expertise in regulatory compliance, risk assessment, internal controls, and security frameworks. The consultant will engage with clients to ensure compliance with industry standards, improve risk posture, and integrate GRC best practices into business operations.

Key Responsibilities

Governance & Compliance

  • Design and implement GRC frameworks aligned with industry best practices (ISO 27001, NIST, COBIT, PCI-DSS, GDPR, SOC 2, etc.).
  • Ensure adherence to regulatory compliance (SOX, HIPAA, GDPR, CCPA, etc.) for clients or internal business units.
  • Develop and maintain corporate policies, procedures, and control frameworks to support compliance.
  • Conduct gap analysis and develop remediation plans for compliance risks.
  • Manage audits and liaise with regulatory bodies and external auditors.

Risk Management

  • Perform risk assessments (IT, cybersecurity, operational, third-party) and develop mitigation strategies.
  • Implement risk management frameworks like COSO, ISO 31000, and FAIR (Factor Analysis of Information Risk).
  • Develop and execute Business Continuity Plans (BCP) and Disaster Recovery Plans (DRP).
  • Oversee third-party risk management (vendor assessments, due diligence, contract compliance).

Security & Controls

  • Assess and enhance IT security controls using frameworks like NIST CSF and CIS Controls.
  • Implement Identity and Access Management (IAM), Data Protection, and Incident Response policies.
  • Work with cybersecurity teams to ensure security controls are effectively integrated into business processes.
  • Drive security awareness programs and conduct training sessions.

GRC Tools & Automation

  • Deploy and manage GRC tools (RSA Archer, ServiceNow GRC, MetricStream, LogicGate, OneTrust).
  • Develop and maintain dashboards, reporting systems, and automation scripts for continuous compliance monitoring.
  • Lead the adoption of AI/ML-based risk management solutions where applicable.

Stakeholder Engagement & Advisory

  • Act as a trusted advisor to clients and business stakeholders on risk and compliance matters.
  • Work with C-level executives, IT teams, auditors, and legal teams to align GRC strategies with business objectives.
  • Conduct workshops, training sessions, and executive briefings on compliance and risk management trends.

Required Skillset

Technical Skills

  • Strong knowledge of GRC frameworks: ISO 27001, NIST, COBIT, SOC 2, GDPR, PCI-DSS, HIPAA.
  • Experience in risk assessment methodologies: ISO 31000, COSO ERM, FAIR, etc.
  • Expertise in audit processes (internal/external) and regulatory compliance standards.
  • Proficiency in GRC platforms (RSA Archer, MetricStream, ServiceNow, OneTrust, etc.).
  • Strong understanding of IT security controls, cloud security, and data privacy.
  • Ability to design and evaluate BCP, DRP, and incident response strategies.
  • Knowledge of third-party risk management and vendor risk assessment.

Soft Skills & Competencies

  • Strong analytical and problem-solving abilities.
  • Excellent communication and stakeholder management skills.
  • Ability to translate regulatory requirements into actionable strategies.
  • Experience in project management and cross-functional collaboration.
  • Ability to work independently and manage multiple projects simultaneously.

Certifications (Preferred & Required)

  • Mandatory Certifications (One or More Preferred):
    • CISSP (Certified Information Systems Security Professional)
    • CISA (Certified Information Systems Auditor)
    • CISM (Certified Information Security Manager)
    • CRISC (Certified in Risk and Information Systems Control)
    • ISO 27001, ISO 27701, ISO 22301, ISO 20000-1, ISO 9001, ISO 42001 Lead Auditor & Lead Implementer
    • CIPP/E or CIPM (Certified Information Privacy Professional/Manager) – for privacy compliance
    • CPA/CIA (for SOX and financial risk management)
  • Additional Advantageous Certifications:
    • COBIT 5 / COBIT 2019 Foundation
    • ITIL Foundation
    • PMP / PRINCE2 (Project Management)
    • Certified Ethical Hacker (CEH) (for cybersecurity exposure)

Prior Experience

  • 5+ years of experience in GRC, cybersecurity, risk management, or compliance consulting.
  • Hands-on experience in regulatory compliance audits, security assessments, and risk analysis.
  • Experience in implementing and managing GRC solutions across industries.
  • Prior experience working in Big 4 consulting firms (Deloitte, EY, PwC, KPMG) or in a regulated industry (banking, healthcare, fintech, etc.) is preferred.
  • Proven track record in policy development, control assessments, and audit engagements.

Why Join Us?

  • Opportunity to work with top-tier clients across industries.
  • Exposure to cutting-edge GRC automation tools and AI-driven risk analytics.
  • Collaborative, learning-focused work culture with career growth opportunities.
  • Competitive salary and benefits package, including certification sponsorship and upskilling programs.

Application Process:

Interested candidates can apply online or send their updated CV and certifications to mittal@techturmeric.com

Job Types: Full-time, Permanent

Pay: Up to ₹1,100,000.00 per year

Benefits:

  • Provident Fund

Schedule:

  • Day shift
  • Monday to Friday
  • Weekend availability

Application Question(s):

  • Do you have proficiency in GRC platforms (RSA Archer, MetricStream, ServiceNow, OneTrust, etc.)?

Experience:

  • Expertise in frameworks (ISO 27001, NIST, PCI-DSS, GDPR): 5 years (Required)
  • GRC consultant: 5 years (Required)

Location:

  • Andheri, Mumbai, Maharashtra (Preferred)

Work Location: In person
