GRC Analyst/Consultant

• 5+ years of proven, practical experience in a dedicated GRC Analyst, Information Security Risk, or IT Compliance role.
• Strong, hands-on knowledge of the ISO/IEC 27001 standard (familiarity with ISO 27005 or NIST CSF is a strong plus).
• Demonstrable experience in contributing to the design of risk methodologies or implementing GRC workflows from the ground up.
• Exceptional analytical skills with high attention to detail; able to evaluate complex IT processes and propose pragmatic, risk-based solutions.
• Fluency in English (both written and spoken) with solid stakeholder management skills.
• Ability to balance control rigor with business delivery speed.

Process Design & Framework Support:

• Collaborate on the design, development, and deployment of the organization's corporate Cybersecurity GRC policies and operating procedures.
• Help map out and operationalize end-to-end risk management processes, remediation workflows, and control patterns.
• Assist in establishing technical and organizational compliance controls aligned with ISO 27001 standards.

Risk Analysis & Mitigation:

• Execute comprehensive risk identification and assessment cycles across various business and IT assets.
• Conduct detailed gap analyses against security frameworks to identify vulnerabilities and areas of non-compliance.
• Own and maintain the corporate IT/Cyber Risk Register, ensuring all identified threats are properly documented, tracked, and prioritized for remediation.

Stakeholder Collaboration & Documentation:

• Work closely with IT infrastructure teams, Legal, and Business Leaders to ensure compliance requirements are understood and met.
• Translate complex regulatory requirements into plain language, creating clear operating procedures and checkpoints for internal teams.