Full Time

GRC Consultant

Remote
India

Job Title: GRC Consultant
Experience: 1 – 2 years
Location: Kolkata & Bengaluru
Company Description
ISECURION is a leading cybersecurity services provider, ISO 27001:2022 certified and CERT-IN empanelled. We offer innovative solutions and cutting-edge research to address the evolving threats in the cyber landscape. We work with a diverse clientele, both global and Indian, to safeguard their digital assets, deliver strategic security consulting, and enhance their cyber resilience.
Are you passionate about joining the GRC division of ISECURION?
Role Overview
The GRC Consultant will be responsible for performing cybersecurity governance, risk, and compliance activities aligned with regulatory frameworks such as SEBI CSCRF, RBI IS & CSF, NABARD IS & CSF, UIDAI Sub-AUA/Sub-KUA, and other regulatory standards applicable to financial institutions. The role involves conducting audits, assessing security controls, evaluating cybersecurity posture, and assisting organizations in implementing regulatory requirements.
Roles & Responsibilities
SEBI CSCRF Implementation & Assessment
• Conduct SEBI CSCRF (Cyber Security and Cyber Resilience Framework) assessments for Stock Brokers and Market Intermediaries.
• Evaluate cybersecurity maturity against SEBI CSCRF guidelines and regulatory expectations.
• Review implementation of cybersecurity governance, policies, and operational security controls.
• Identify compliance gaps and provide recommendations for remediation.
• Assist organizations in CSCRF implementation, documentation, and regulatory compliance.
IT Audit & Cybersecurity Audit
• Perform Information Systems (IS) Audits and Cyber Security Framework (CSF) audits for Banks and Financial Institutions.
• Assess security controls across network security, application security, endpoint security, and infrastructure security.
• Review access management, logging & monitoring, incident response, and vulnerability management practices.
Sub-AUA / Sub-KUA Compliance Audits
• Conduct Sub-AUA (Authentication User Agency) and Sub-KUA (KYC User Agency) audits as per regulatory and UIDAI guidelines.
• Assess compliance with data security, encryption, identity management, and authentication controls.
Risk Assessment & Compliance Management
• Conduct IT Risk Assessments and Gap Assessments against regulatory frameworks.
• Support organizations in implementing cybersecurity policies, standards, and procedures.
• Assist in control implementation and compliance monitoring.
• Prepare audit reports, risk registers, and compliance documentation.
Security Governance & Advisory
• Provide advisory support on cybersecurity governance and regulatory compliance.
• Assist clients in strengthening security architecture and cyber resilience practices.
• Track emerging cybersecurity threats, vulnerabilities, and regulatory updates.
Technical Requirements
Regulatory & Compliance Knowledge
• Strong understanding of SEBI Cyber Security & Cyber Resilience Framework (CSCRF).
• Experience in conducting CSCRF audits for Stock Brokers or Market Participants.
• Knowledge of BFSI cybersecurity regulatory requirements.
Audit & Governance
• Experience performing IT Audits and Information Security Audits.
• Understanding of ITGC controls and IT governance frameworks.
• Familiarity with risk management frameworks and compliance reporting.
Security Controls Knowledge
• Understanding of security domains such as:
• Identity & Access Management
• Network Security
• Endpoint Security
• Vulnerability Assessment & Patch Management
• Security Monitoring & Incident Response
• Data Security & Encryption
• Backup & Disaster Recovery
• Third-party risk management
Documentation & Compliance
• Drafting Information Security Policies and Procedures
• Preparing audit reports and risk assessment documentation
• Supporting regulatory compliance activities
Desired Qualifications & Certification
• B.E. / B.Tech in Computer Science / Information Technology / Cybersecurity
• ISO 27001 Lead Auditor (LA) Certification
Required Skills
• IT Audit & Security Control Testing
• Cybersecurity Maturity Assessment
• Fraud Vulnerability Index (VINFRA)
• Vulnerability Index of Cyber Security Framework (VICS)
• Assessment of Security Policy
• Risk Identification & Mitigation
• Audit Documentation & Reporting
• Vulnerability & Threat Risk Understanding
• Gap Analysis
• Cybersecurity Control Implementation
• CERT-IN compliant audit report writing
Communication Skills
• Strong verbal and written communication skills.
• Ability to communicate effectively with technical and non-technical stakeholders.
• Language proficiency:
- English
- Hindi
- Bengali
Behavioral Requirements
• Strong integrity and ethical conduct, especially when handling sensitive security information.
• Ability to work in regulated and compliance-driven environments.
• Analytical mindset for identifying risks and security gaps.
• Attention to detail in audit reviews and compliance assessments.
• Ability to manage multiple audits and compliance activities simultaneously.
• Client-centric approach when delivering advisory and audit services.
• Strong team collaboration and knowledge sharing.
• Willingness to continuously learn regulatory updates and cybersecurity practices.
• Ability to work under strict timelines and audit schedules.

ISECURION