GRC Analyst/Consultant

ValueMentor View all jobs

  • Thrissur, Kerala
  • Permanent
  • Full-time
  • 2 months ago
Job Description:Job SummaryThe GRC Analyst / Consultant is a critical delivery and assurance role within the Payment Security Team, responsible for supporting compliance and risk management engagements across PCI DSS and SWIFT CSP standards.The role focuses on assisting lead assessors, managing compliance evidence, supporting assessments, tracking remediation activities, and ensuring timely, high-quality delivery across multiple client environments. Working closely with cross-functional teams and client stakeholders, the GRC Analyst will contribute to secure, compliant operations aligned with global standards and industry best practices.Key Responsibilities, Deliverables / OutcomesCompliance Assessment & Delivery Support
  • Support lead assessors in conducting PCI DSS and SWIFT CSP assessments for multiple client entities.
  • Collect, validate, organize, and maintain compliance documentation and evidence with high accuracy and completeness.
  • Coordinate with client teams to gather policies, system logs, configurations, and other assessment artefacts.
  • Review evidence against PCI DSS and SWIFT CSP requirements, identify gaps, and follow up for closure.
  • Maintain structured and accessible evidence repositories to enable efficient audits and reviews.
  • Manage assessment timelines and milestones, ensuring deadlines are met through close coordination with stakeholders.
Risk Management & Reporting
  • Assist in preparing assessment reports, including documentation reviews, gap analysis, and risk summaries.
  • Support assessors in developing clear, accurate, and standards-aligned final assessment reports.
  • Work with assessors to identify, assess, and prioritize compliance and security risks.
  • Support the creation and tracking of remediation plans aligned with compliance requirements.
  • Monitor remediation activities and follow up with clients to ensure timely closure of findings.
Process Excellence & Continuous Improvement
  • Support the creation and maintenance of assessment checklists, templates, and documentation.
  • Participate in post-assessment reviews to identify opportunities for workflow and efficiency improvements.
  • Contribute to the development and update of information security policies, procedures, and documentation.
  • Share best practices and assessment insights to promote standardization across engagements.
Stakeholder Engagement & Client Focus
  • Maintain a strong customer-centric approach throughout the compliance lifecycle.
  • Collaborate effectively with internal teams and client stakeholders to ensure a positive assessment experience.
  • Prepare and present briefings to senior management, translating technical findings into business-relevant insights.
  • Ensure all engagements reflect organizational values and promote a culture of cybersecurity excellence.
Learning, Development & Ownership
  • Stay current with changes to PCI DSS, SWIFT CSP, and related regulatory and industry standards.
  • Actively pursue training, certifications, and knowledge-building opportunities.
  • Contribute to a knowledge-sharing culture through team discussions and collaboration.
  • Take ownership of assigned responsibilities, meeting deadlines with accountability and professionalism.
Key Skills
  • Customer relationship management and stakeholder engagement
  • Strong understanding of ISO 27001:2022 clauses and ISO 27002 control guidance
  • Knowledge of information security principles (CIA triad) and their practical application
  • Understanding of:
  • Data classification frameworks
  • Identity & Access Management (IAM)
  • Secure Software Development Lifecycle (SSDLC)
  • Network defense-in-depth concepts
  • Working knowledge of OSI layers and network communication protocols
  • Exposure to cloud security concepts and platforms (AWS, Azure, GCP)
  • Experience supporting security assessments and assurance audits
  • Strong documentation, reporting, and presentation skills
  • Experience supporting ISMS workshops and security awareness programs
Key Competencies / Soft Skills
  • Analytical and problem-solving skills
  • Customer-focused mindset
  • Strong verbal and written communication
  • Adaptability to changing environments
  • Accountability and ownership

ValueMentor