GRC Consultant

2 weeks ago


Lahore, Punjab, Pakistan | Ebryx LLC | Full time | 600,000 - 1,200,000 per year

Job Description – Associate GRC (Governance, Risk & Compliance) Consultant

Position Summary

The Associate GRC Consultant will support clients and internal teams in the implementation, assessment, and improvement of Governance, Risk, and Compliance programs. This entry- to mid-level role focuses on assisting in risk assessments, compliance audits, policy development, and control evaluations, while gaining exposure to leading frameworks and regulatory requirements. The candidate must have working knowledge of ISO 27001, SOC-2, PCI-DSS and other standards and regulatory frameworks.

Key Responsibilities


• Governance & Policy

o Assist in the development, review, and maintenance of IT and security policies, standards, and procedures.

o Support alignment of organizational policies with industry frameworks (ISO 27001, NIST, SOC-2, etc.).


• Risk Management

o Participate in risk assessments to identify, evaluate, and document risks across IT and business processes.

o Assist in the design and monitoring of risk treatment and mitigation plans.

o Support third-party/vendor risk assessment activities.



• Compliance

o Help track compliance with regulatory requirements (e.g., GDPR, HIPAA, PCI DSS, CCPA, SOC 2).

o Assist in preparing compliance reports, audit documentation, and evidence gathering.

o Collaborate with internal and client stakeholders during external or internal audits.


• Controls & Assurance

o Support assessment of IT general controls (ITGCs), application controls, and operational controls.

o Contribute to testing control effectiveness and documenting findings.

o Help with continuous monitoring activities and reporting.


• Client Engagement & Documentation

o Prepare deliverables such as risk registers, audit reports, policy drafts, and presentations.

o Participate in client workshops, interviews, and walkthroughs.

o Maintain accurate project documentation and follow up on action items.

Qualifications



Education:
Bachelor's degree in Information Security, Computer Science, Business, or a related field.



Certifications (Preferred / Plus):
ISO 27001 Lead Implementer/Auditor, CISA, CRISC, CompTIA Security+, or working toward similar certifications.



Experience:

o 1–2 years of experience in IT audit, cybersecurity, risk management, or compliance.

o Familiarity with frameworks such as ISO 27001, NIST CSF, COBIT, or PCI DSS is a plus.



Skills:

o Strong analytical, problem-solving, and documentation skills.

o Ability to learn quickly and adapt to client needs.

o Good communication and presentation skills.

o Proficiency with MS Office; experience with GRC tools is advantageous.

