
GRC Consultant Jobs


Looking For GRC Consultant

Edens Staffing Services

  • 7 - 13 yrs
  • 15.0 Lac/Yr
  • Pune
SAP GRC SAP Security & GRC Consultant GRC Head
Key Responsibilities:
  1. Assist in preparing evidence for compliance audits related to ISO 27001:2013 and its transition to ISO 27001:2022 by gathering necessary documentation and ensuring accuracy.
  2. Support the development of SOPs into a unified format by collaborating with team members to standardize processes across departments.
  3. Have an understanding and be able to create a unified controls framework based on different frameworks & standards.
  4. Deep knowledge concerning various standards, frameworks, laws, and regulations and be able to reason and understand the requirements of the relevant controls and clauses.
  5. Knowledge and at least 3+ years specific hands-on experience on GRC compliance tools in the market.
  6. Participate in various audit and compliance requirement activities such as access reviews by evaluating user permissions against the established security policies and helping identify any discrepancies or areas for improvement.
  7. Help draft necessary documentation for compliance initiatives by compiling information from various sources and ensuring clarity in communication.
  8. Assist in training staff on GRC policies and procedures by contributing to training materials and participating in training sessions as needed.
  9. Conduct comprehensive risk assessments to identify, assess, and prioritize risks that could impact business operations, ensuring alignment with GRC frameworks.
  10. Collaborate with team members to gather information on current processes and suggest improvements based on industry best practices.
  11. Monitor the effectiveness of risk management strategies and make recommendations for improvements.
  12. Conduct research on industry trends related to governance, risk management, and compliance to support ongoing improvement efforts within the organization.

Hiring For GRC Consultant

Matayo- Ai Solutions Pvt. Ltd

  • 1 - 2 yrs
  • 6.0 Lac/Yr
  • Bangalore
ISO 31000 Risk Management Internal Audits Risk Assessments and GAP Analysis SOC 2 Readiness GDPR DPDPA
Matayo AI Solutions Pvt Ltd (Matayo 360 GRC Service Division) is looking for a passionate GRC Consultant to join our fast-growing compliance advisory team. If you live and breathe ISO 27001, SOC 2, PCI DSS, can think like an auditor, and love solving risk management puzzles, we want to meet you!

Position:
Location: Hybrid (Bangalore / Remote India)
Experience: 1-2 Years in GRC / ISO 27001 Implementation
Qualification: ISO 27001 Lead Implementer or Lead Auditor (Mandatory)
CTC: 4,50,000 PA to 6,00,000 PA

Key Skills Required:
  • Hands-on experience in implementing and auditing ISO/IEC 27001:2022
  • Familiarity with ISO 31000 Risk Management principles
  • Understanding of Annex A controls and Statement of Applicability (SoA)
  • Experience conducting Internal Audits, Risk Assessments, and GAP Analysis
  • Documentation skills: policies, procedures, risk registers, audit checklists
  • Exposure to SOC 2 readiness, GDPR, or DPDPA (added advantage)
  • Excellent written and verbal communication skills

Roles & Responsibilities:

1. Governance & Compliance
  • Assist clients in implementing ISO 27001:2022 ISMS framework, including defining scope, policy documentation, control implementation, and management review.
  • Conduct GAP assessments and prepare SoA and Risk Treatment Plans.
  • Align controls with frameworks like SOC 2, PCI DSS, HIPAA, and GDPR as needed.

2. Risk Management
  • Perform risk identification, analysis, and evaluation in line with ISO 31000.
  • Develop and maintain Risk Register using impact-likelihood matrices.
  • Recommend and track risk treatment plans and mitigation actions.

3. Internal Audit & Assurance
  • Plan and execute Internal Audits based on ISO 27001:2022 Annex A controls.
  • Collect and review evidence from business, IT, and HR departments.
  • Prepare audit reports, NC (Nonconformity) logs, and CAPA (Corrective Action) tracking.
  • Support clients in external certification audits with CBs.

4. Documentation & Reporting
  • Draft and maintain compliance documents: ISMS Manual, Policies, Procedures, Risk Register, SoA, and Audit Checklists.
  • Prepare MIS dashboards, compliance status reports, and management review summaries.

5. Client Engagement & Delivery
  • Support end-to-end GRC project execution from scoping to closure.
  • Coordinate with cross-functional teams and external auditors.
  • Deliver presentations and training to clients on ISMS and Risk Management concepts.

Project Exposure: Should have successfully executed at least two (2) complete ISO 27001 or integrated GRC implementation projects (from GAP to certification stage).

Soft Skills:
  • Strong analytical, problem-solving, and documentation capabilities
  • Ability to manage multiple client projects simultaneously
  • High integrity, confidentiality, and attention to detail

Career Path:
  • Growth into Senior GRC Consultant / vCISO Track within 2-3 years
  • Exposure to global frameworks: SOC 2, PCI DSS, HITRUST, ISO 42001 (AI Governance), NIST

Compensation:
  • Competitive salary based on experience and certification level
  • Performance-based incentives per project completion

How to Apply: Send your resume and certification copies to admin_hr@matayo-ai.com
  • 5 - 10 yrs
  • 12.0 Lac/Yr
  • Bangalore
SAP GRC SAP HANA
5+ years in SAP Security with 1 S4h implementation exp

SR. GRC Consultant

Trojan Hunt India LLP

  • 3 - 5 yrs
  • Delhi NCR
ISO 27001 Lead Auditor ISO Consultant Management Representative ISO ISO Audit Risk Assessment IT Governance
Trojan Hunt India, MSME Registered, ISO 9001: 2015 and ISO 27001: 2022 certified company, is amongst the leading Information Security and Cyber Intelligence companies and provides unmatched services and state-of-the-art products to clients throughout the world. We specialize in addressing end-to-end Enterprise Risk.

Our clients range from private organizations and government sectors to Subject Matter Experts (SMEs) and third-sector associations, each being offered varying solution/service interests such as business intelligence, corporate fraud investigations, electronic and technical surveillance, vulnerability assessment, private investigation, social media fraud investigations, legal investigation services (including forensics), cybercrime investigation, penetration testing, incident response, removal of defamatory contents and many more.

Designation: GRC Consultant
Experience: 3-5 Years
Location: New Delhi NCR

Responsibilities:
  • Good working knowledge and hands-on experience of ISO 27001
  • Guide clients in implementing and maintaining compliance with ISO 27001 and other relevant standards
  • Conduct gap assessments, risk analysis, and internal audits
  • Assist in developing, reviewing, and enhancing ISMS policies and procedures
  • Monitor and evaluate the effectiveness of information security controls
  • Support corrective and preventive action plans post-audit
  • Collaborate with technical teams to ensure secure design and implementation of IT infrastructure
  • Stay updated with the latest regulatory requirements and cybersecurity threats
  • Provide training and awareness sessions
  • Document findings and create reports using MS Excel, Word, and PowerPoint

Qualification: Bachelor's degree in B.Tech, B.Sc. and BCA or relevant field

Preferred Certification:
  • ISO 27001 Lead Auditor/Implementer

Other requirements:
  • Excellent problem-solving/analytical skills
  • Good written and verbal communication.
  • Proficiency in MS Excel, Word, and PowerPoint for audit reporting and presentations

To apply for this position please send in your resume to v.tamanna@trojanhuntindia.com

  • 6 - 9 yrs
  • 35.0 Lac/Yr
  • Hyderabad
Oracle EBS ERP Cloud COSO COBIT SOX GDPR CCPA GRC
Preferably CA/MBA/B.E/B.Tech with 3 to 7 years of implementation and advisory experience on Oracle Cloud ERP/EBS security and controls.

Ability to drive risk and control programs for Oracle EBS/ERP Cloud, with a focus on the following:
  • Segregation of duty concerns in an ERP environment along with an ability to design SoD (Segregation of Duties) risk libraries, and preparation of remediation roadmaps.
  • System role-design, build security and troubleshoot security defects.
  • Design risk control matrices by conducting workshops with business process owners.
  • Review Oracle ERP IT Application Controls (ITAC) for test of design and test of effectiveness.
  • Identify potential opportunities to automate current ITDM/manual controls leveraging Oracle EBS/ERP Cloud.
  • Deep understanding of regulatory frameworks like COSO, COBIT.
  • Knowledge and audit experience across regulations like SOX, GDPR, CCPA.
  • Functional knowledge on Oracle EBS/ERP Cloud Financials, Procurement, Supply chain management, Projects and HRMS is a pre-requisite.
  • Ability to simplify data and explain trends through Excel spreadsheets, dashboards, power-point presentations is highly desirable.
  • Knowledge of Oracle GRC (Governance, Risk & Compliance) & Oracle Risk Management Cloud (RMC) is highly desirable.
  • Working knowledge on Peoplesoft, NetSuite, MS Dynamics and Workday would be an added advantage.
  • Willing to learn and work on different ERPs and CRM solutions.
  • 6 - 12 yrs
  • Mohali
SAP GRC Work From Home
Skills - Must have:
  1. Strong in-depth knowledge of PAM, PIM, IAM, IDAM, SOD concepts
  2. Strong in-depth knowledge in basics of Access Management concepts like User Life Cycle Management, Role Management, Password Management, Risk Management, Access
  3. Knowledge of AD, LDAP, Exchange
  4. Hands on experience working with a variety of software products in production environments, especially Windows Servers and MS-SQL
  5. Ability to write scripts, regular expressions, SQL queries, etc.
  6. Knowledge of HTML, HTTP, API call protocols and formats and HTTP trace/debugging
  7. Strong in SQL, Request forms, Workflows, HTML
  8. Strong in depth knowledge on SQL Server, Oracle 11C/12C, MySQL
  9. Excellent analytical and problem-solving skills
  10. Strong skills in data analysis/manipulation
  11. Client-focused attitude
  12. Team player with solid communication and presentation skills.
  13. Knowledge on Ticketing tool like JIRA, ServiceNow, FreshDesk
  14. Knowledge of basics regulatory compliance like GDPR, SOX
  15. Knowledge and experience in tools like IAM, IGA, IGI, IDAM, SAP GRC
  • 7 - 13 yrs
  • 37.5 Lac/Yr
  • Bangalore
GRC Risk Management Risk Assessment ISO 27001 Lead Auditor Cyber Security
Security Risk & Control Consultant (SRCC)

The Security & Compliance (S&C) Competency Centre (CC) Lead is responsible for supporting the following:

Education
Graduate degree plus recognized information security certifications like CISSP, CCSP, SSCP, CRISC, GSEC, etc. are good to have

Project Review and Technical Advice
- Review all new high-risk projects; new technical designs; for Information risks and advise on suitable controls and mitigations at early stages of the program.
- Lead the S&C Analyst for specific technology and advice on the Information security for their projects.
- Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk
- Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
- Work with the architecture community to review new technology and architecture innovations.

Risk Management and Mitigation
- Assess and classify all potential business and infrastructure information risks.
- Execute, with suppliers, risk analyses on IT application/services.
- Develop and socialize our overall risk profile and action plans to mitigate risks
- Review and recommend approval project charters.
- Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network & Systems
- Perform end to end Security Assessment on vendor offerings New/Leveraging existing (SAAS / PAAS / IAAS) services including integration with Shell environment.
- Translate Technical, legal and Regulatory Compliance obligations into a cohesive collection of Security Controls and provides the respective stakeholders with the IRM requirements and its implementation methodologies.
- Support in development of tooling to support IRM processes and ensuring this is fit for purpose.
- Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.
- Support during Internal / External Audit
  • 5 - 11 yrs
  • Pune
SAP Consultant HANA Cyber Security Fiori Application Developer Work From Home
JOB SPECIFICATION:
  • Experience: 5+ years
  • Company Location: Pune (Magarpatta)
  • Working Days: Mon to Fri
  • Work from Home (Till pandemic)
  • Joining: Immediate joiners
  • Job Type: Contract (1 year)

WORK EXPERIENCE
  • 6+ years of SAP experience with SAP authorizations (ERP and HANA).
  • 5+ years of Security and Governance, Risk, and Compliance (GRC) solutions
  • 3-5 years working with SAP customers to define security requirements, approaches, and / or road map
  • 2+ years leading internal & external customer expectations on assignment, resource requirements and / or deliverables

EDUCATION AND QUALIFICATIONS / SKILLS AND COMPETENCIES
  • University degree in: Information Systems, Engineering, Computer Science or similar degree.
  • Good understanding of industry specific business processes
  • Well-developed customer focus
  • Strong communication skills with the ability to effectively interact at all levels within client company
  • Ability to coach/mentor younger colleagues into delivering quality projects and consulting services

EXPECTATIONS AND TASK
  • Be actively involved in the preparation, conception, realization and Go Live of customer implementation projects
  • Ability to assist customer in designing security approach(es) for their SAP on premise and Cloud environment(s), including SAP S/4 HANA
  • Expertise in SAP On-Premise and Cloud solutions security management
  • Good knowledge of Fiori, HANA, S/4 HANA and Cyber Security
  • Good knowledge of GRC Access Control (ARA, EAM, ARM, BRM), IDM applications and all its component
  • Rich experience in designing security for SAP ERP, BI, EWM, SCM, HCM, Solution manager applications
  • Familiarity with configuring SAP NetWeaver Identity Management, SAP Single Sign-on, SAML, APIs, X.509 certificates
  • Security knowledge in Application Security (ABAP, HANA, JAVA...) and Infrastructure Security etc
  • 7 - 10 yrs
  • 50.0 Lac/Yr
  • United Arab Emirates +1 UAE
SAP GRC SAP Audit Management Project Implementation Risk Assessment Report Generation Configurations and Customizations Prioritization Walk in
Should have 7-8 Years with 2-3 SAP GRC and 2-3 SAP Audit Management project Implementation experience with sound Configurations and Customizations knowledge to meet the following requirements:
  • Establish a risk based plan, prioritize audit activities and align with the needs of the enterprise
  • Develop and document a plan for each engagement
  • Identify, analyze and document relevant information
  • Communicate the engagements objectives, scope, conclusions, findings and recommendations
  • Monitor the disposition of results reported to management
  • Establish a framework for risk assessment and prioritization
  • Develop and document engagement work program
  • Create different versions of working papers, audit reports, or other audit documents.
  • Ensure communication criteria are established through standard template
  • Ensures consistency in reporting, Automates report preparation, Reduces elapsed time to report
  • Establish a system to monitor the disposition of results
  • Monitor the disposition of engagements

GRC Consultant – PCI DSS & SOC 2

Matayo- Ai Solutions Pvt. Ltd

  • 4 - 4 yrs
  • 7.5 Lac/Yr
  • Bangalore
PCI DSS SOC 2 Client-facing Experience and Audit Coordination PCI DSS v4.0 and SOC Trust Services Criteria
Job Title: GRC Consultant PCI DSS & SOC 2 (Immediate Joiners Only)
Location: Bangalore
Experience: 4 Years
CTC: 7.2 LPA
Employment Type: Full-Time
Joining: Immediate / Within 15 Days

Role Overview
We are looking for a GRC Consultant PCI DSS & SOC 2 with proven experience in delivering PCI DSS and SOC 2 (Type I & Type II) engagements. The consultant will be responsible for end-to-end compliance execution, audit readiness, and client coordination.

Mandatory Certifications
Minimum 2 certifications are mandatory:
  • One PCI DSS certification (PCI DSS Implementer / PCI ISA)
AND
  • One of the following:
      • CISA
      • CISSP
      • CRISC
(Profiles not meeting this certification criterion will not be considered.)

Mandatory Experience
  • 4 years of experience in GRC / Information Security Compliance
  • Minimum 4 completed projects in:
      • PCI DSS
      • SOC 2 (Type I & Type II)
  • Strong knowledge of PCI DSS v4.0 and SOC Trust Services Criteria
  • Client-facing experience and audit coordination
  • Immediate joiner or notice period 15 days
  • Location Bangalore

How to Apply
Send your updated resume to: admin_hr@matayo-ai.com
Please mention in the email:
  • Total experience
  • PCI DSS & SOC 2 project details
  • Certification details
  • Current CTC
  • Expected CTC
  • Notice period / Joining availability

Hiring GRC Consultant For Mumbai

Edens Staffing Services

  • 7 - 13 yrs
  • 10.0 Lac/Yr
  • Mumbai
SAP GRC GRC Head SAP Security & GRC Consultant
As a GRC Consultant based in Mumbai, you will play a crucial role in helping organizations manage their governance, risk management, and compliance processes effectively. Your focus will be on ensuring that businesses operate efficiently while adhering to regulatory requirements.

**Key Responsibilities:**
- **Risk Assessment:** Evaluate potential risks facing the organization by identifying vulnerabilities and recommending mitigation strategies to minimize risk exposure.
- **Compliance Management:** Ensure that the organization complies with relevant laws and regulations by monitoring changes in regulatory requirements and assisting in compliance audits.
- **Policy Development:** Create and update governance policies and procedures to align with best practices and regulatory standards, helping to establish a structured approach to compliance.
- **Training & Awareness:** Conduct training sessions and workshops to educate employees on compliance requirements and risk management, fostering a culture of awareness throughout the organization.
- **Reporting & Documentation:** Prepare comprehensive reports on risk assessments and compliance status, presenting findings to stakeholders and making recommendations for improvements.