IT GRC / Cybersecurity Consultant

---

We seeking for an experienced and detailed-oriented Audit and Cyber Security Consultants to work along-side our US-based Client Service Delivery Team and their US Based clients: IT Executives and Security Professionals. This role will work closely with the clients to conduct information security assessments, IT GRC audits and IT security and
advisory projects.

Responsibilities:

• Support our US-based Client Service Delivery team by conducting information security assessments, IT GRC audits and IT security and advisory projects
• Engage and communicate with our US-based clients via video conference calls, emails and written reports and client deliverables. A strong command of the English language (both written and spoken) is a must
• Reporting action items, roadblocks, and other tasks during projects to managers and clients – must possess the ability to articulate complex issues in a simple and easy to understand manner
• Effective time management skills, proactively communicate tasks you are working on by updating your task list
• Proactively communication with your manager when tasks are taking longer than budgeted, ask clarifying questions and be proactive to ensure you understand the tasks assigned to you and you feel confident you can get things done in the assigned budget
• Assist in developing client deliverables, including information security policies, client request lists, designing audit test plan, documenting audit test results, identifying, articulating and tracking findings and preparing final audit reports
• Use problem solving and critical thinking skills to quickly identify internal control deficiencies, evaluate their risk implications, and draw the appropriate conclusions
• Conduct specialized IT GRC frameworks audits and assessments (e.g. ISO 27001, HITRUST, HIPAA, NIST etc.)
• Identify and communicate findings, recommendations and apply critical thinking to provide creative and pragmatic solutions that drive project progress effectively
• Conduct comprehensive cyber security audits and risk assessments by evaluating information security policies, procedures, and controls
• Utilize industry and security knowledge to help clients identify vulnerabilities, weaknesses, gaps in controls and potential threats in order to translate into language understandable to the client and actionable for remediation
• Participate in project planning by collaborating with clients and our teams to refine cyber security solutions and implement governance and compliance frameworks
• Demonstrate professional client management skills by building and maintaining relationships with US based clients
• Build and nurture positive working relationships with clients and coworkers, by providing high quality deliverables and communications
• Exercise professional skepticism, judgment and adhere to the code of ethics while on engagements
• This role will report directly to the respective Client Service Delivery Manager

Qualifications:

• 2-4 years of experience working with IT internal audit, risk and/or IT departments and performing readiness assessments or audits of business and IT functions
• Experience performing IT frameworks audits and IT risk assessments (e.g. ISO 27001, HITRUST, HIPAA, NIST, etc.)
• Demonstrated experience in one or more areas of cybersecurity such as network security, identity and access management, threat intelligence, cloud security, GRC.
• Demonstrated ability to manage multiple projects simultaneously and experience scoping, planning, and executing projects autonomously.
• Strong experience with regulatory and compliance standards (e.g., NIST, ISO
  27001/2/17/18/ 27701, SOC 1, SOC 2, SOX, HITRUST, HIPAA, PCI etc.)
• Awareness of or demonstrated willingness to learn about AI Governance frameworks, specifically ISO 42001, is a plus
• Ability to work during U.S. business, time zones (9-6PM)
• Experience working for a U.S. based IT consulting firm (preferred)
• Education and professional credentials
• Bachelor’s degree (in Management Information Systems, Information Technology, Computer Science, Accounting, Business Administration).