Consultant - ISMS/GRC

Posted 2 Days Ago
3 Locations
In-Office
Mid level
Information Technology • Software
The Role
The Consultant will implement ISO 27001-based ISMS and IT GRC frameworks, perform assessments, develop policies, and ensure compliance with regulations.
Summary Generated by Built In

Job Summary: 

We are seeking a Consultant with proven experience in implementing and maintaining ISO 27001-based Information Security Management Systems (ISMS) and IT Governance, Risk, and Compliance (IT GRC) frameworks. The ideal candidate will have hands-on expertise in ISO 27001 gap assessments, risk assessments, policy development, and certification audit preparation, along with working knowledge of standards such as NIST, NCA, SAMA, COBIT, and ITIL. This role involves supporting compliance programs, developing security controls, conducting awareness training, and assisting clients in aligning IT strategies with regulatory requirements including GDPR, HIPAA, and PCI-DSS. Strong documentation, auditing, and communication skills are essential.

Job Description: 

ISMS Responsibilities: 

  • Experience of implementation and maintenance of ISO 27001-based Information Security Management Systems (ISMS). 
  • Perform gap assessments to identify areas of non-compliance and assist in remediation planning against various standards and frameworks such as NIST, NCA, SAMA, etc. 
  • Participate in risk assessments and help develop mitigation strategies. 
  • Develop ISMS policies, procedures, and security controls aligned with ISO 27001 standards. 
  • Prepare documentation and provide support during ISO 27001 certification audits. 
  • Conduct security awareness training and incident management processes. 

IT GRC Responsibilities: 

  • Assist in developing and implementing IT governance frameworks (COBIT, NIST, ITIL). 
  • Support IT risk assessments, compliance audits, and regulatory reporting activities. 
  • Help clients align IT strategies with their business goals while ensuring compliance with regulations like COBIT, GDPR, HIPAA, SOX, etc. 
  • Support in developing and maintaining IT compliance programs and policies. 
  • Contribute to the development and implementation of GRC tools and processes. 
  • Participate in internal audits and help clients prepare for external certification audits/compliance checks. 

Required Qualifications & Experience: 

  • Minimum Bachelor’s degree in Information Security, Computer Science, or a related field. 
  • Certifications (preferred): ISO 27001 Lead Implementer / Lead Auditor, CISM, CRISC, or COBIT Foundation. 
  • Experience: 3–4 years of experience in ISMS and IT GRC consulting, auditing, or implementation. 
  • Familiarity with ISO 27001 gap assessments, risk assessments, and audits. 
  • Basic knowledge of IT governance frameworks (COBIT, NIST, ITIL, etc.). 
  • Understanding of regulatory compliance such as GDPR, NIST, and PCI-DSS. 
  • Strong documentation, report writing, and communication skills are a must. 

Requirements
  • Master’s or Bachelor’s degree in Information Technology, Computer Science, or IT-related field.
  • ITIL Expert/Managing Professional, ISO 20000 Lead Implementer / Lead Auditor, ISO 22301 Lead Implementer / Lead Auditor, CBCP (Certified Business Continuity Professional).
  • 6-8 years of experience in ITSM and BCMS consulting or related roles.
  • In-depth knowledge of ITIL, ISO 22301, and other relevant frameworks/regulations.
  • Practical experience in ISO 22301 implementation, BIA, DR planning, and BCMS assessments.
  • Familiarity with IT compliance standards such as ISO 27001, COBIT, NIST, and NCA.
  • Excellent analytical, problem-solving, and decision-making skills.
  • Proven ability to manage multiple projects and clients simultaneously.
  • Experience in conducting internal and external audits related to ITSM and BCMS.
  • Strong stakeholder engagement, report writing, and project management skills.

Top Skills

COBIT
GDPR
HIPAA
ISO 27001
ITIL
NIST
PCI-DSS

The Company
839 Employees
Year Founded: 2001

What We Do

Inbox Business Technologies is the premier provider of digital services to businesses in Pakistan whose mission is “Providing Agility for the Digital Age”.

Disruptive technologies are forcing businesses to adapt or die. Business strategy has to be redesigned for this consistently uncertain digital age and business models need to be agile enough to execute the equivalent of hitting moving targets. Inbox Business Technologies gives businesses that agility with its digital services portfolio.

Visit www.inboxbiz.com to get the latest thinking on how technology enables business agility in this age of disruption.
