GRC Senior Consultant / Assistant Manager – Cybersecurity

About the job

Role Overview We are looking for a GRC Senior Consultant / Assistant Manager – Cyber with hands-on experience in TPRM, GRC, and ISMS engagements. The role involves supporting and leading governance, risk, and compliance initiatives across clients, working closely with internal stakeholders and client teams. Key Responsibilities • Execute and support Third-Party Risk Management (TPRM) assessments, including vendor risk evaluations and due diligence • Perform GRC assessments covering policy reviews, risk identification, risk treatment, and control effectiveness • Support ISMS implementation and maintenance aligned with ISO 27001 requirements • Conduct risk assessments, gap assessments, and control testing across cyber and information security domains • Assist in drafting and reviewing security policies, standards, SOPs, and risk registers • Coordinate with client stakeholders for data collection, walkthroughs, and closure of observations • Support internal reviews, audits, and compliance reporting • Contribute to continuous improvement of GRC frameworks and methodologies Required Skills & Experience • Minimum 2+ years of relevant experience in GRC / TPRM / ISMS • Hands-on exposure to TPRM frameworks, vendor risk assessments, and third-party governance • Working knowledge of ISO 27001, ISMS controls, and audit processes • Understanding of cyber risk management, control frameworks, and compliance requirements • Experience working with consulting or risk advisory teams is preferred • Strong documentation, communication, and stakeholder coordination skills Certifications (Good to Have) • ISO 27001 Lead Implementer / Lead Auditor • CISA / CISM / CISSP (or pursuing)

Requirements

• TPRM frameworks
• vendor risk assessments
• third-party governance
• ISO 27001
• ISMS controls
• audit processes
• cyber risk management

Preferred Technologies

• TPRM frameworks
• vendor risk assessments
• third-party governance
• ISO 27001
• ISMS controls
• audit processes
• cyber risk management