Risk Consultant Job Vacancies in Bangalore

Hiring For GRC Consultant

Matayo- Ai Solutions Pvt. Ltd

  • 1 - 2 yrs
  • 6.0 Lac/Yr
  • Bangalore
ISO 31000 Risk Management Internal Audits Risk Assessments and GAP Analysis SOC 2 Readiness GDPR DPDPA
Matayo AI Solutions Pvt Ltd (Matayo 360 GRC Service Division) is looking for a passionate GRC Consultant to join our fast-growing compliance advisory team. If you live and breathe ISO 27001, SOC 2, PCI DSS, can think like an auditor, and love solving risk management puzzles, we want to meet you!

Position:
Location: Hybrid (Bangalore / Remote India)
Experience: 1-2 Years in GRC / ISO 27001 Implementation
Qualification: ISO 27001 Lead Implementer or Lead Auditor (Mandatory)
CTC: 4,50,000 PA to 6,00,000 PA

Key Skills Required:
  • Hands-on experience in implementing and auditing ISO/IEC 27001:2022
  • Familiarity with ISO 31000 Risk Management principles
  • Understanding of Annex A controls and Statement of Applicability (SoA)
  • Experience conducting Internal Audits, Risk Assessments, and GAP Analysis
  • Documentation skills: policies, procedures, risk registers, audit checklists
  • Exposure to SOC 2 readiness, GDPR, or DPDPA (added advantage)
  • Excellent written and verbal communication skills

Roles & Responsibilities:

1. Governance & Compliance
  • Assist clients in implementing the ISO 27001:2022 ISMS framework, including defining scope, policy documentation, control implementation, and management review.
  • Conduct GAP assessments and prepare SoA and Risk Treatment Plans.
  • Align controls with frameworks like SOC 2, PCI DSS, HIPAA, and GDPR as needed.

2. Risk Management
  • Perform risk identification, analysis, and evaluation in line with ISO 31000.
  • Develop and maintain the Risk Register using impact-likelihood matrices.
  • Recommend and track risk treatment plans and mitigation actions.

3. Internal Audit & Assurance
  • Plan and execute Internal Audits based on ISO 27001:2022 Annex A controls.
  • Collect and review evidence from business, IT, and HR departments.
  • Prepare audit reports, NC (Nonconformity) logs, and CAPA (Corrective Action) tracking.
  • Support clients in external certification audits with CBs.

4. Documentation & Reporting
  • Draft and maintain compliance documents: ISMS Manual, Policies, Procedures, Risk Register, SoA, and Audit Checklists.
  • Prepare MIS dashboards, compliance status reports, and management review summaries.

5. Client Engagement & Delivery
  • Support end-to-end GRC project execution from scoping to closure.
  • Coordinate with cross-functional teams and external auditors.
  • Deliver presentations and training to clients on ISMS and Risk Management concepts.

Project Exposure: Should have successfully executed at least two (2) complete ISO 27001 or integrated GRC implementation projects (from GAP to certification stage).

Soft Skills:
  • Strong analytical, problem-solving, and documentation capabilities
  • Ability to manage multiple client projects simultaneously
  • High integrity, confidentiality, and attention to detail

Career Path:
  • Growth into Senior GRC Consultant / vCISO Track within 2-3 years
  • Exposure to global frameworks: SOC 2, PCI DSS, HITRUST, ISO 42001 (AI Governance), NIST

Compensation:
  • Competitive salary based on experience and certification level
  • Performance-based incentives per project completion

How to Apply: Send your resume and certification copies to admin_hr@matayo-ai.com
  • 5 - 6 yrs
  • 15.0 Lac/Yr
  • Bangalore
Analytical Skills Communication Management Skills Attention to Detail Problem Solving Microsoft Office Suite Data Analytics Tools Risk Assessment Team Orientation
Our client is looking for a full-time on-site role requiring travel to client sites. The Manager, Risk Advisory Services will be responsible for overseeing day-to-day risk advisory services to our clients, such as conducting internal audits, evolving and implementing SOPs, and executing focussed client engagements to identify and manage potential risks to their operations, financial stability and reputation. The Manager will work closely with junior team members to provide comprehensive solutions and guidance to clients across various industry segments. The role requires a strong understanding of audit methodologies, regulatory compliance, and internal control frameworks.
  • 7 - 13 yrs
  • 37.5 Lac/Yr
  • Bangalore
GRC Risk Management Risk Assessment ISO 27001 Lead Auditor Cyber Security
Security Risk & Control Consultant (SRCC)

The Security & Compliance (S&C) Competency Centre (CC) Lead is responsible for supporting the following:

Education
  • Graduate degree; recognized information security certifications like CISSP, CCSP, SSCP, CRISC, GSEC, etc. are good to have

Project Review and Technical Advice
  • Review all new high-risk projects and new technical designs for information risks, and advise on suitable controls and mitigations at early stages of the program.
  • Lead the S&C Analyst for specific technology and advise on information security for their projects.
  • Offer advice to Shell and suppliers to assist in resolving questions and issues around how to manage risk.
  • Provide Subject Matter Expertise for projects and business stakeholders, in combination with the Improvement Program.
  • Work with the architecture community to review new technology and architecture innovations.

Risk Management and Mitigation
  • Assess and classify all potential business and infrastructure information risks.
  • Execute, with suppliers, risk analyses on IT applications/services.
  • Develop and socialize our overall risk profile and action plans to mitigate risks.
  • Review and recommend approval of project charters.
  • Facilitate smooth conduct of Risk Assessment (including Legal & Regulatory) on Applications, Network & Systems.
  • Perform end-to-end Security Assessment on vendor offerings, new or leveraging existing (SaaS / PaaS / IaaS) services, including integration with the Shell environment.
  • Translate technical, legal and regulatory compliance obligations into a cohesive collection of Security Controls and provide the respective stakeholders with the IRM requirements and their implementation methodologies.
  • Support the development of tooling to support IRM processes, ensuring it is fit for purpose.
  • Actively participate in S&C team and community meetings, representing S&C and Business interests in other CC forums.
  • Support during Internal / External Audit

IT Security Analyst

Joulestowatts Business Solution

  • 7 - 13 yrs
  • 25.0 Lac/Yr
  • Bangalore
Networking IT Security Information Security Vulnerability Management Identity Access Management IT Security Analyst IT Service Delivery Manager IT Security Consultant IT Security Engineer Risk Analyst Risk Assessment Risk Management Analyst
  • Good understanding of, and experience with, Information Risk Management, IT Security and Compliance, and Security Controls and Audit.
  • Advanced understanding of internal and external IT security standards, SOX, PCI, SOC2/1, ISO27001 standards and relevant legal compliance aspects.
  • Robust understanding of, and solid experience with, the impact of Security on application development and operations as well as the IT Infrastructure.
  • Ability to promote high-performance teams, working with inclusiveness and cultural diversity, across organizational boundaries.
  • Good understanding of cloud security requirements and third-party control assurance.
  • Ability to interface with different groups (Third parties, Business and IT) internal and external to IT (security) and to network globally across Group businesses, as well as with external groups.

Technical knowledge & relevant experience in security domains / technologies related to:
  • Infrastructure/Network security
  • Identity and Access Management
  • Business Impact Assessment
  • Application security
  • Data Leakage Prevention
  • End-Point Protection
  • Web filtering technologies, proxies and firewalls
  • Vulnerability Assessment / Penetration Testing
  • Knowledge of Data Security Standards, Privacy Principles
  • Driving Platform / Application security and compliance
  • Ability to foresee and identify mitigation strategies for risks

Candidate must also:
  • Display excellent communicating and influencing skills
  • Display analytical and problem-solving skills
  • Be pro-active and self-motivated
  • Display strong interpersonal and negotiating skills with all levels of staff
  • Display ability and eagerness to quickly learn new technologies

Qualifications
  • A qualification in CISSP, CISA, CRISC or CISM

Internal Audit Risk Advisory Sarbanes Oxley Internal Financial Controls Account Manager
Roles & Responsibilities:
  • Candidate shall be required to perform field work in Internal Audit, risk advisory services, Sarbanes Oxley, Internal Financial Controls, Enterprise Risk Management, etc., covering the following activities:
      • Preparing risk and control matrices.
      • Planning for field work.
      • Day-to-day guidance to Associates working in the team.
      • Day-to-day coordination with the reporting manager.
  • The candidate will have to review operational, financial, and technology processes to provide management with an individual assessment of business risk, internal control, and the overall effectiveness and efficiency of the process.
  • The candidate may be required to travel outstation for approximately 40-70% of the time.
  • Candidate should be willing to work extended hours based on the requirements of the assignment.
  • Candidate would be working in a client-facing environment.

Desired Profile:
  • Education: Qualified CA or CIA
  • Prior experience in risk advisory will be an added advantage.
  • Any additional certifications like CS, CWA, CFA will be an added advantage.

Skill Set:
  • IT Skills
      • Should be good with MS Excel, MS Word and MS PowerPoint.
      • Basic knowledge of ERP like SAP, Oracle, etc. will be an added advantage.
  • Other Skills
      • Should be excellent in written and oral communication.
      • Should be able to display confidence in a client-facing role.
      • Should have a good understanding of business processes and risks.
      • Should be logical and analytical in approach with a keen eye for detail.