Consultant - ISMS/GRC
4 days ago
Job Summary:
We are seeking a Consultant with proven experience in implementing and maintaining ISO 27001-based Information Security Management Systems (ISMS) and IT Governance, Risk, and Compliance (IT GRC) frameworks. The ideal candidate will have hands-on expertise in ISO 27001 gap assessments, risk assessments, policy development, and certification audit preparation, along with working knowledge of standards such as NIST, NCA, SAMA, COBIT, and ITIL. This role involves supporting compliance programs, developing security controls, conducting awareness training, and assisting clients in aligning IT strategies with regulatory requirements including GDPR, HIPAA, and PCI-DSS. Strong documentation, auditing, and communication skills are essential.
Job Description:
ISMS Responsibilities:
Experience in implementing and maintaining ISO 27001-based Information Security Management Systems (ISMS).
Perform gap assessments to identify areas of non-compliance and assist in remediation planning against various standards and frameworks such as NIST, NCA, SAMA, etc.
Participate in risk assessments and help develop mitigation strategies.
Develop ISMS policies, procedures, and security controls aligned with ISO 27001 standards.
Prepare documentation and provide support during ISO 27001 certification audits.
Conduct security awareness training and incident management processes.
IT GRC Responsibilities:
Assist in developing and implementing IT governance frameworks (COBIT, NIST, ITIL).
Support IT risk assessments, compliance audits, and regulatory reporting activities.
Help clients align IT strategies with their business goals while ensuring compliance with regulations like COBIT, GDPR, HIPAA, SOX, etc.
Support in developing and maintaining IT compliance programs and policies.
Contribute to the development and implementation of GRC tools and processes.
Participate in internal audits and help clients prepare for external certification audits/compliance checks.
Required Qualifications & Experience:
Minimum Bachelor's degree in Information Security, Computer Science, or a related field.
Certifications (preferred): ISO 27001 Lead Implementer / Lead Auditor, CISM, CRISC, or COBIT Foundation.
Experience: 3–4 years of experience in ISMS and IT GRC consulting, auditing, or implementation.
Familiarity with ISO 27001 gap assessments, risk assessments, and audits.
Basic knowledge of IT governance frameworks (COBIT, NIST, ITIL, etc.).
Understanding of regulatory compliance such as GDPR, NIST, and PCI-DSS.
Strong documentation, report writing, and communication skills are a must.
- Master's or Bachelor's degree in Information Technology, Computer Science, or IT-related field.
- ITIL Expert/Managing Professional, ISO 20000 Lead Implementer / Lead Auditor, ISO 22301 Lead Implementer / Lead Auditor, CBCP (Certified Business Continuity Professional).
- 6-8 years of experience in ITSM and BCMS consulting or related roles.
- In-depth knowledge of ITIL, ISO 22301, and other relevant frameworks/regulations.
- Practical experience in ISO 22301 implementation, BIA, DR planning, and BCMS assessments.
- Familiarity with IT compliance standards such as ISO 27001, COBIT, NIST, and NCA.
- Excellent analytical, problem-solving, and decision-making skills.
- Proven ability to manage multiple projects and clients simultaneously.
- Experience in conducting internal and external audits related to ITSM and BCMS.
- Strong stakeholder engagement, report writing, and project management skills.
-
Consultant - GRC
2 weeks ago
Karachi, Sindh, Pakistan Risk Associates Pvt. Ltd. Full time. Lead Cybersecurity assessments, including risk assessments, vulnerability assessments, and compliance audits, to evaluate clients' Cybersecurity posture. Develop and implement Cybersecurity frameworks, policies, and procedures to address identified risks and compliance gaps, ensuring alignment with industry standards and regulatory requirements. Collaborate...
-
Senior Consultant
2 weeks ago
Karachi, Sindh, Pakistan Risk Associates Pvt. Ltd. Full time. Develop and execute comprehensive Cybersecurity strategies and programs for clients, aligning with industry standards and regulatory requirements. Provide strategic guidance and oversight on complex Cybersecurity initiatives, including regulatory compliance, risk management, and governance processes. Educate and train clients on cybersecurity best...
-
Manager – Audits
7 days ago
Karachi, Sindh, Pakistan Sui Southern Gas Company Limited Full time. Manager – Audits (Consulting Assignments). September 23, 2024. JOB DETAILS: Qualification & Experience: MBA with at least 04 years of relevant experience. Any relevant certification for job role will be preferred. Experience of PPRA rules / quality control procedures will be preferred. Responsibilities: Consulting Assignments: Managing Grievance Redressal Committee...
-
Senior Audit Manager
1 week ago
Karachi, Sindh, Pakistan beBeeAuditManager Full time 1,500,000 - 2,500,000. Role Overview: We are seeking a highly skilled professional to lead our audit operations. As a key member of our team, you will be responsible for managing consulting assignments and ensuring compliance with regulatory requirements. Responsibilities include: Managing Consulting Assignments: Coordinate and manage consulting assignments received from...
-
Doha Qatar
4 days ago
Karachi, Sindh, Pakistan Rankskills Knowledge International Pvt Ltd Full time $104,000 - $130,878 per year. One of our clients, one of the global top 10 auditing and advisory firms, is seeking a suitable candidate to lead their Internal Auditor business vertical in Qatar. Below are the role requirements. Work Location – Doha Qatar (on-site). Position – Sr Manager / Director Internal Audit GRC Service Line (Based on experience level). Qualification: Certified CA, ACCA,...
-
Sales Manager
2 weeks ago
Karachi, Sindh, Pakistan Liztek Full time $90,000 - $120,000 per year. About Liztek: Founded in 2013, Liztek is a global technology company driving innovation in data, AI, and workforce transformation. Headquartered in Canada with operations in Dubai and Pakistan, we deliver advanced FinTech solutions—including Governance, Risk & Compliance (GRC), Audit platform and Financial Crime Compliance (FCC) solution, Unified global...
-
Business Development Intern
1 week ago
Karachi, Sindh, Pakistan The Global CB Private Limited Full time 20,000 - 200,000 per year. Join Our Team – Internship Opportunity in Business Development. Global CB (GCB) is a leading consultancy firm specializing in Information Security, ISO Certifications, GRC Compliance and Professional Training. We are expanding our Business Development team and inviting energetic, motivated and ambitious individuals to join us as Interns. Position: Sales...
-
Technical Support Officer
7 days ago
Karachi, Sindh, Pakistan Inbox Business Technologies Full time. Overview: Inbox Business Technologies is a leading IT and services company and we're looking for a Technical Support Officer to join our team. The successful candidate will be responsible for providing technical support and assistance to our clients. This is a unique opportunity to join a dynamic and growing team and to learn new skills in the IT...
-
middle management position
2 weeks ago
Karachi, Sindh, Pakistan HRSI Full time 900,000 - 1,200,000 per year. Company Overview: Our Client, a Karachi based company, seeks to appoint experienced professionals for the following role: Key Responsibilities: Define and enforce SAP security policies, procedures, and standards across all SAP landscapes. Lead the development and execution of role design strategy, aligned with Segregation of Duties (SoD) and internal...
-
Technical Support Officer
2 weeks ago
Karachi, Sindh, Pakistan Inbox Business Technologies Full time. Inbox Business Technologies is a leading IT and services company and we're looking for a Technical Support Officer to join our team. The successful candidate will be responsible for providing technical support and assistance to our clients. This is a unique opportunity to join a dynamic and growing team and to...