GRC Consultant - PCI QSA Full-time

at SecureLogic in Bangalore (published 29-10-2018)

Summary of Role

- Work along with the Audit Team comprised of Lead Consultant & other GRC consultants.

- Provide strategic information security advisory and consulting services for all clients.

- The role encompasses delivery and management of Professional Services engagements, technical consultation and implementation, and internal strategic initiatives, including managing team members as necessary in accordance with team roles and responsibilities.

- Scope security engagements and support development of proposals and statements of work, effectively translating customer requirements into an engagement to meet those needs.

- The GRC Consultant role leads and delivers the following compliance-type engagements as a minimum:

  • Scoping, design, implementation, and operation of PCI DSS and related Information Security frameworks/standards.
  • PCI DSS gap analysis, or assistance with completing the SAQ process.
  • Internal audit engagements (against internal information security policies and procedures, or industry standards).

- The Associate GRC Consultant role comprises two key measurable elements. These are:

  • Delivery of Professional Services engagements (85%)
  • Supporting sales, and contributing to the development of new templates and technical materials as and when required.

- Assist sales and participate in generation and development of both inbound and outbound new business opportunities.

- The GRC Consultant role is heavily focused on all facets of Information Security, across all industries. These include:

  • Data Centre IT
  • IT Governance, Risk and Compliance
  • Network and Security Architecture
  • Secure Logic’s Managed Security Services
  • Internal business initiatives

- Manage external relationships from clients, vendors, and business partners at all levels as required.

- Maintain internal relationships with Senior Management, and other business areas as required.

- Manage and lead Professional Services and Delivery engagements as required. This may also include managing engagement teams, deliverables and engagement budget.

- Perform related Professional Services and Delivery engagements as deemed necessary and as directed by Management.

- Report to the Manager on a timely basis. Adhere to the Code of Conduct, and meet the KPIs and metrics required to perform well.

Specific Responsibility

- Manage, and deliver Professional Services and Delivery related projects as required. These include:

  • Scoping, design, implementation, and operation of PCI DSS and related Information Security frameworks/standards.
  • Consult with clients at all levels regarding Information Security standards, frameworks, guidelines, and better practice.
  • Undertake risk assessments using industry frameworks such as ISO 31000 and ISO 27005.
  • Compliance engagements such as gap analysis, internal audit and external audit.
  • Manage and deliver vulnerability and penetration testing engagements.
  • Conduct security policy and framework reviews
  • Implementation of PCI DSS, ISMS, or client specific information security frameworks
  • Security architecture reviews

- Ensure quality of all deliverables including but not limited to:

  • Client Engagement metrics
  • Client Project Delivery
  • Internal Project Delivery

- Follow current Professional Services and Delivery processes, and provide input into process improvement as required.

- Create and be accountable for all client proposals, contracts, tenders and panel bids, and any further documentation, following Secure Logic’s procedure.

- At a minimum maintain a billable utilization target of 85%.

- Present Secure Logic to potential clients and group through various communication streams.

- Ability to travel a must. Attending trade shows and events will be required.

- Lead generation for new business channel development.

- Keep abreast of current Information Security standards such as:

  • ISO 27001:2013
  • ISO 31000
  • ISO 20000, ITIL
  • NSW Government Information Security policies, standards, and guidelines
  • Federal Government Information Security policies, standards, and guidelines
  • CSA Framework
  • ISACA guidelines
  • Any other local Information Security frameworks and requirements for Government, regulatory, and legislative requirements.

- Supervise and co-ordinate the delivery of consulting or managed service projects.

- Provide assistance in the Professional Services team's group KPI reporting processes.

- Track and report on all current and completed projects as required.

- Provide internal status reports to Management as required.

Prerequisites for the Role

  • PCI DSS QSA (active)
  • Minimum 5 Years of Security Experience
  • CISA or ISO LA

Other certifications such as CEH, ECSA, ITIL and COBIT will be a plus.
