GRC Analyst/Consultant

35 - 43 USD net per hour - B2B
Analytics

Warszawa +9 Locations

Link Group

Full-time
B2B
Mid
Remote

Job description

About the Opportunity

We are looking for a proactive, hands-on Cybersecurity GRC (Governance, Risk & Compliance) Analyst to join our team. This is a unique "greenfield" project where you will not just operate within established guidelines, but actively participate in building our core GRC and risk management processes from scratch. If you want a role where your analytical skills will directly shape the company's security posture and framework design, this is the perfect challenge for you.

Core Purpose of the Role

In this position, you will be responsible for evaluating our current security landscape, identifying control gaps, and translating international standards into practical risk processes. Your immediate focus will be supporting the design and roll-out of a robust risk assessment methodology aligned with the ISO/IEC 27001 framework.

Key Responsibilities

Process Design & Framework Support

  • Build from Scratch: Collaborate on the design, development, and deployment of the organization's corporate Cybersecurity GRC policies and operating procedures.

  • Process Engineering: Help map out and operationalize end-to-end risk management processes, remediation workflows, and control patterns.

  • Standard Alignment: Assist in establishing technical and organizational compliance controls aligned with ISO 27001 standards.

Risk Analysis & Mitigation

  • Risk Assessments: Execute comprehensive risk identification and assessment cycles across various business and IT assets.

  • Gap Analysis: Conduct detailed gap analyses against security frameworks to identify vulnerabilities and areas of non-compliance.

  • Risk Register Management: Own and maintain the corporate IT/Cyber Risk Register, ensuring all identified threats are properly documented, tracked, and prioritized for remediation.

Stakeholder Collaboration & Documentation

  • Cross-Functional Partnering: Work closely with IT infrastructure teams, Legal, and Business Leaders to ensure compliance requirements are understood and met.

  • Clear Documentation: Translate complex regulatory requirements into plain language, creating clear operating procedures and checkpoints for internal teams.

Required Qualifications & Experience

  • Experience: 5+ years of proven, practical experience in a dedicated GRC Analyst, Information Security Risk, or IT Compliance role.

  • Framework Knowledge: Strong, hands-on knowledge of the ISO/IEC 27001 standard (familiarity with ISO 27005 or NIST CSF is a strong plus).

  • Proven Track Record: Demonstrable experience in contributing to the design of risk methodologies or implementing GRC workflows from the ground up.

  • Analytical Mindset: Exceptional analytical skills with high attention to detail; able to evaluate complex IT processes and propose pragmatic, risk-based solutions.

  • Communication: Fluency in English (both written and spoken) with solid stakeholder management skills. You must be able to balance control rigor with business delivery speed.

Tech stack

  • Security: advanced

  • Analytics: advanced

  • Risk Management: advanced
