Senior Compliance & GRC Consultant

Shape Information Security Governance at a CERT-In Empanelled Leader

About neXavault

neXavault, the cybersecurity arm of John & Smith Solutions, is a CERT-In empanelled Information Security Auditing Organization. With our expanding presence across India and international markets, we're the trusted partner for organizations seeking robust security compliance and governance frameworks. Our 100% certification success rate speaks to our expertise in navigating complex regulatory landscapes.

The Opportunity

We're seeking a Senior Compliance & GRC Consultant to lead our rapidly growing compliance practice. You'll guide enterprise clients through their security certification journeys, from initial gap assessments to successful certification audits. With our new CERT-In empanelment opening doors across PAN-India markets, this role offers exceptional growth potential.

Key Responsibilities

  • Lead ISO 27001, ISO 27701, and ISO 20000-1 implementation projects from initiation to certification
  • Conduct comprehensive gap assessments and maturity evaluations
  • Design and implement Information Security Management Systems (ISMS)
  • Perform internal audits and prepare organizations for certification audits
  • Develop information security policies, procedures, and controls
  • Guide clients through SOC 2 Type I & II compliance journeys
  • Ensure compliance with Indian regulations (CERT-In directives, RBI guidelines, DPDP Act)
  • Conduct risk assessments using ISO 31000 and NIST frameworks
  • Lead business continuity and disaster recovery planning initiatives
  • Manage multi-framework compliance programs for enterprise clients
  • Train client teams on security awareness and compliance requirements

Essential Requirements

Experience: 5-8 years in information security compliance and GRC

Certifications (Mandatory):

  • ISO 27001 Lead Auditor (IRCA/PECB/Exemplar certified)
  • ISO 27001 Lead Implementer

Certifications (Preferred):

  • CISA, CRISC, or CGRC
  • ISO 22301, ISO 27701, or ISO 27017/27018 credentials

Domain Expertise:

  • Proven track record of successful ISO 27001 implementations (minimum 5 projects)
  • Deep understanding of Indian regulatory landscape
  • Experience with risk assessment methodologies
  • Knowledge of data privacy regulations (DPDP, GDPR)

Skills:

  • Excellent stakeholder management and communication
  • Strong documentation and technical writing abilities
  • Project management capabilities
  • Ability to translate technical risks into business language

Preferred Qualifications

  • CERT-In empanelment experience
  • Banking sector compliance (RBI guidelines, PCI DSS)
  • Healthcare compliance (HIPAA, ABDM)
  • Experience with GRC tools (MetricStream, ServiceNow, Archer)
  • Cloud compliance frameworks (CSA CCM, ISO 27017)
  • Certified Data Privacy Officer (CDPO) or equivalent

What We Offer

  • Competitive Package
  • High-Value Projects: Lead compliance engagements worth ₹28-50 lakhs
  • CERT-In Advantage: Leverage our empanelment for prestigious government projects
  • Professional Growth: Clear path to Practice Head role
  • Certification Support: Funding for advanced certifications
  • Diverse Portfolio: Work across banking, healthcare, technology, and government sectors
  • Thought Leadership: Opportunity to develop frameworks and methodologies

Location

Primary: Kochi/Kozhikode, Kerala (Remote work available with periodic travel for client audits)

How to Apply

Send your detailed CV along with:

  • List of ISO 27001 implementations you've led (with outcomes)
  • Brief case study of your most complex compliance project
  • Sample ISMS document you've developed (sanitized)

Email: hr@johnandsmith.co.uk

Subject Line: Senior Compliance Consultant – "Your Name"
