GRC Senior Consultant

4 years

0 Lacs

Posted: 6 days ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Company Description

At Astra Cybertech, we are cybersecurity experts committed to safeguarding digital assets. With a team of seasoned professionals offering a comprehensive suite of cybersecurity services, we aim to build resilient defense strategies tailored to specific requirements. Our focus is on staying ahead of evolving cyber threats and providing customized training and security consulting services to bolster your cybersecurity framework.


Key Responsibilities:

In this key role, you will lead comprehensive risk assessments, ensure compliance with standards like ISO 27001 and SOC 2, and oversee internal and external audits.

Governance & Compliance

  • Lead and perform end-to-end audits covering ITGC, cybersecurity, privacy, and third-party risk.
  • Review governance structure, policy lifecycle, and enterprise risk posture.
  • Ensure compliance with relevant regulatory requirements (e.g., RBI, SEBI, IRDAI, GDPR).

Audit Execution

  • Develop detailed audit plans, risk assessments, and testing procedures.
  • Conduct control walkthroughs, validate control designs, and test operating effectiveness.
  • Collect, analyze, and evaluate evidence to support audit conclusions.

Reporting & Risk Management

  • Draft comprehensive audit reports, highlighting findings, risks, and recommendations.
  • Work with stakeholders to track remediation of audit issues and validate closure.
  • Assist in risk register maintenance and the development of corrective action plans (CAPs).

Stakeholder Engagement

  • Collaborate with cross-functional teams including IT, InfoSec, Legal, and Risk.
  • You will be responsible for enhancing security controls, developing policies, and leveraging GRC platforms to provide strategic insights to leadership.
  • Present findings to senior leadership and support regulatory inspections and external audits.
  • Conduct awareness/training sessions on audit readiness and compliance topics.

Frameworks & Tools

  • Apply frameworks like ISO 27001, NIST CSF, COBIT, CIS Controls.
  • Utilize GRC tools (e.g., Archer, ServiceNow GRC, MetricStream) for control and risk management.
  • Leverage technical tools for control validation (e.g., SIEM, DLP, PAM, vulnerability scanners).


Skills

  • Excellent analytical, documentation, and report writing skills.
  • Deep technical understanding of IT infrastructure, security tools, and processes.
  • Effective communication and stakeholder management skills.


Qualification:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or related field.
  • 4+ years of GRC experience, deep knowledge of frameworks like NIST, and strong analytical skills.
  • Exposure to regulatory guidelines (IRDAI, RBI, SEBI, etc.).
  • ISO 27001 certification mandatory.
  • Professional certifications such as CISSP, CISA, or CRISC are highly desirable.
  • Immediate Joiners Preferred.
