Senior GRC Consultant

• 3Columns, a specialist cybersecurity firm, offers a comprehensive range of services including Security Assurance, Security Governance, Professional services, and Managed Services. Our solutions encompass Managed Security Services, Offensive Security Services, Cyber Security Consulting, and professional services tailored to assist customers in deploying all necessary controls. The primary service provided by our Security Operations Center (SOC) is Managed Detection & Response along with Incident Response.As a Senior GRC/ Cybersecurity Consultant at 3Columns, you will play a crucial role in delivering outcome-based engagements to diverse clients. Your responsibilities will involve enhancing Governance, Risk & Compliance capabilities within client organizations proactively. Leading projects of varying scales, you will aid clients in developing and implementing cybersecurity risk mitigation strategies to align with business objectives and drive organizational success. You will become an essential part of each client's cybersecurity strategy, fostering strong relationships, and establishing yourself as a trusted partner within the organization.Your Skills and Experience:- Demonstrated proficiency in ISO27001, NIST, and ASD8 frameworks.- Ability to apply and audit cybersecurity frameworks like ISO/IEC 27001, 31000, ASD8, and NIST.- Experience guiding organizations on their cybersecurity journey.- Sound knowledge of GDPR, PCI-DSS, ISM, RFFR, and SOC2.- Capability to leverage the company's methodologies to offer effective cybersecurity and risk advice.- Proficiency in articulating business implications and accurately assessing risks in alignment with business objectives.- Aptitude for developing and delivering training material for public and private events.- Proactive approach to researching emerging security risks and controls.Business Skills:- Excellent written and verbal communication skills to convey concepts in non-technical terms.- Consulting skills suitable for a diverse audience.- Strong communication and writing abilities.- Capability to translate IT and technical risks into business risks for C-Level and Board members.- Understanding of commercial arrangements for projects of various sizes and demonstrating the value of service offerings to clients.- Identifying and communicating security advice tailored to employees, managers, and executives.Personal Skills:- Forward-thinking approach towards business vision and team culture.- Experience in collaborating with consulting companies, managing multiple customers and projects simultaneously.- Ability to innovate service delivery for customers.- Confidence in discussing security and recommending controls to security professionals and executives.- Team player with flexibility and motivation to engage in different types of engagements.- Strong multitasking skills to cater to multiple clients concurrently.- Detail-oriented, self-motivated, and capable of working independently.Certifications:You should possess a proven track record in Information Security, IT Audit, Risk, or Compliance fields. Additionally, you should hold or be pursuing certifications such as:- ISO 27001 Lead Auditor or Lead Implementer.- CISSP (Desirable, not mandatory).- CISA.- CISM (Desirable, not mandatory).- CDPSE (Desirable, not mandatory).- Associate PCI DSS QSA (Desirable, not mandatory).Past Experience:- Prior experience in a client-facing role is highly valued.- Understanding of PCI-DSS framework.- Experience in engaging with C-level executives and board members.Please note that candidates with less than 5 years of experience in the GRC consulting space will not be considered for this role.,

Sign-in & see how your skills match this job

Sign-in & Get noticed by top recruiters and get hired fast