GRC Senior

GRC Senior Job roles

Role and Responsibilities:

• Understand and drive adherence to internal security policies and procedures examining records, reports, operating practices, and documentation.
• Support the execution of information security, internal audits, external audits, and compliance reviews (e.g., NRB, CSP, PCI-DSS, ISO)
• Complete reports and documents articulating test methodology and steps taken including the IT controls testing and findings clearly.
• Stay updated on regulation and compliance changes and create awareness.
• Act as a liaison and engage with auditees and control owners regularly to track progress against audit actions and controls in remediation.
• Maintain professional and technical knowledge by attending educational workshops; reviewing professional publications; establishing personal networks; participating in professional societies.
• Actively promote continuous improvement across the company

Qualifications

• Strong verbal/written communication and interpersonal skills.
• Familiarity with industry relevant guidelines, standards, and frameworks
• Willingness to learn new technologies.
• Bachelor's degree in computer science, Information Technology, Information Systems, or related field or CA degree with industry relevant IT knowledge
• Well versed on networking and security devices.

Preferences

• Good IT controls testing experience, with some IS audit experience preferable.
• Good knowledge and understanding of IT controls testing practices, internal control frameworks and risk management activities; and skill in applying internal controls testing principles and practices.
• Knowledge on Databases and Active Directory.
• Some knowledge of internal audit practices and methodologies.
• A demonstrable track record of developing successful relationships across the business.
• Good knowledge of and experience of information systems and related processes.
• Use of security monitoring and assessments tools.
• A focus on continued improvement and achieving high standards.
• Familiar with the existing vulnerabilities on the web, networks, servers, and mobile applications.
• Familiar with different tools and techniques used for Vulnerability Scans.
• Certification: ISO 27001 LA, CISA, COBIT 5, CISM are preferred.
• Minimum of 3 years of experience in (GRC) auditing.