Senior GRC Analyst

A technology company is seeking a candidate for the position of Information Security GRC (Governance, Risk, and Compliance) Specialist. As a key member of the IT Advisory team, the Information Security GRC Specialist will be responsible for managing policy compliance, overseeing security requirements governance, and handling risk management activities. The ideal candidate will possess strong knowledge of risk management, security, and privacy practices, along with excellent IT skills and communication skills, both written and verbal.

Position: Senior GRC Analyst

Location: Pakistan

Job Mode: Onsite, Lahore

Shift: US Central Time Zone

Compensation: Market Equivalent - USD

Benefits: Standard (Market Equivalent)

Key Responsibilities:

• Develop and assist in implementing client initiatives aimed at reducing technology risks, ensuring governance, and achieving compliance with internal policies and external regulations.
• Assess risks and create security standards, procedures, and controls to mitigate them. Enhance security posture through process improvements, policy updates, automation, and continuous capability development.
• Implement processes to automate and monitor information security controls, exceptions, risks, and testing activities on an ongoing basis.
• Create and maintain reporting metrics, dashboards, and evidence artifacts.
• Evaluate both business and IT-related risks.
• Design IT security standards, procedures, and controls to manage risks and improve client security posture via process enhancements, policy updates, automation, and capability evolution.
• Analyze information security threats and their potential impact on the client's IT environment.
• Assist senior team members in analyzing client requirements, designing information security strategies, and ensuring compliance with legal, regulatory, and industry-specific security frameworks.
• Contribute to the delivery of client work-streams related to compliance standards such as PCI DSS, ISO 27001, EU GDPR, and incident management practices.
• Conduct assessments of internal and external information security risks and exceptions, including vulnerability management, patching status, secure baselines, penetration test results, phishing, and social engineering tests.
• Document and report control failures and gaps, offering remediation guidance and preparing management reports to track remediation progress.
• Stay up to date on best practices and technological advancements, serving as a technical resource for security assessments and regulatory compliance matters.
• Perform other related duties as needed, based on business requirements.
  
  
  

Qualifications and Skills:

• A minimum of 3 years of experience in IT Governance, Risk, and Compliance.
• Familiarity with standards such as ISO 27001, PCI DSS, ITIL, ITSM, and COBIT is preferred.
• Strong understanding of risk management principles and methodologies.
• Preferred certifications: CEH, CISSP, CISA, or CISM.
• Ability to make sound, pragmatic decisions and judgments within tight deadlines.
• Strong interpersonal and influencing skills, with the ability to drive change collaboratively, both internally and externally.