GRC Assessor

About the Role

We are looking for an experienced GRC Assessor to support a post go-live security assessment following the transition of ICT managed services to a new service provider.

This role focuses on evaluating the effectiveness of implemented security controls in a live environment. It is a non-assurance, point-in-time assessment, requiring a strong ability to review operational evidence rather than perform technical testing or design reviews.

The ideal candidate brings hands-on experience in operational security reviews, particularly within managed services or regulated environments, and is comfortable working with documentation, logs, and governance processes.

Key Responsibilities

• Perform post-implementation security assessments to evaluate the effectiveness of operational controls after service transition.

• Review and analyze evidence-based artifacts, including logs, tickets, access records, incident reports, and change records.

• Assess risks related to service transition and inherited controls, including access provisioning/revocation, logging continuity, and knowledge transfer.

• Evaluate governance and operational effectiveness across key security domains.

• Identify gaps, risks, and improvement areas, and provide actionable recommendations.

• Collaborate with stakeholders across security, IT, and service providers to validate findings and ensure alignment.

• Prepare clear and structured assessment reports for management and key stakeholders.

Required Skills & Experience

• Proven experience in GRC, IT security assessments, or operational risk reviews.

• Experience performing post-go-live / post-implementation reviews in managed services or regulated environments (e.g., public sector, finance, healthcare).

• Strong understanding of security control domains, including:

  • Identity & Access Management (IAM)

  • Security Operations / Monitoring (SOC)

  • Incident Response

  • Vulnerability and Patch Management

  • Backup & Recovery

  • Change and Configuration Management

• Experience working with cloud and hybrid environments, including:

  • Microsoft Azure

  • Amazon Web Services

  • Google Cloud Platform

• Ability to perform evidence-based assessments (not penetration testing or deep technical validation).

• Strong analytical skills and attention to detail.

• Experience in stakeholder communication and reporting.

Compliance & Framework Knowledge

• Familiarity with security frameworks and regulations at a governance and control effectiveness level, including:

  • ISO/IEC 27001

  • NIS2 Directive

  • General Data Protection Regulation