GRC Consultant

Help the organization be more secure!

This is an on-site opportunity in Lisbon

As a GRC Consultant, you will work for our client one of the largest TIC companies globally. You will be responsible for engagements related to policy compliance, security requirements governance, as well as risk management.

Your main responsibilities: advise on security matters:

• Continuously evaluate and improve the maturity level of the information security framework of ongoing projects
• Develop, maintain, comply with, and measure organizations’ adherence to information security policies and processes
• Evaluate the compliance of the internal security framework with the standards and legal requirements, identifying gaps and structuring action plans
• Support information security audits and manage action plans
• Conduct information security due diligence 
• Promoting an information security culture suitable for organizations through awareness-raising and training actions
• Be part of the definition, development, and implementation of Information Security projects, risk analysis, business continuity, and/or data protection
• Perform information security risk assessments, business impact assessments (BIA), and data protection assessments (DPA)
• Perform information security compliance and maturity assessments, using international standards and best practices from various sectors
• Identification, analysis, and implementation of information security controls
• Manage compliance levels according to international standards (ISO 27001, ISO 22301, PCI-DSS, COBIT, GDPR, ITIL)
• Manage processes and business continuity plans in accordance with best practices (eg ISO 22301)
• Develop and present reports with results of ongoing projects
• Support the management of the consulting area

You’re ideal for the role if you have:

• At least 5 years of experience in GRC
• Notions of project management
• Technical knowledge
• Academic training in areas of information security
• Relevant knowledge of risk and international standards and good cybersecurity practices
• Mindset oriented towards risk mitigation, internal audits, and good practices
• Good communication skills in Portuguese and English
• Knowledge of security standards and frameworks, such as ISO 27001/2, NIST CSF, and others
• Analytical capabilities
• Ability and flexibility to adapt to different contexts
• Certifications will be valued as well as experience in the field of Consulting and Auditing

#GETREADY to meet with us!

We would like to meet you. If you are interested please apply and attach your CV in English or Portuguese, including a statement that you agree to our processing and storing of your personal data. You can always also apply by sending us an email at cv-recruitment@itdsportugal.com

Internal Number – #3707