GRC SPECIALIST

1) Minimum bachelors degree level or holds a relevant professional qualification or relevant experience (typically at least 6 years) in information security (GRC).

2) Educated to bachelors degree level, holds a relevant professional qualification, and may have a postgraduate qualification such as an MSc, MBA, or other appropriate business, engineering, scientific or industry qualification.

3) Have knowledge and experience as below:

a. Applying specific quality standards to all tasks undertaken to ensure that deliverables are accurate and complete.

b. Principles, practices, tools, and techniques of IT auditing.

c. Methods and techniques for reporting progress and financial conformance against an agreed plan.
4) Have technical and business skills as below:
a. Communicate well, both orally and in writing, and has the skill to influence through persuasion in a formal context. Has a good overall knowledge of wide areas of information systems practice and applications. Understands the need to maintain a practical and pragmatic approach to standards compliance

b. The system or method for the management of quality within the employing organizations IT practices, including quality planning, assurance, and control.

1) Monitor status of risks, and reports status and need for action to senior colleagues.
2) Demonstrate financial awareness as a part of risk management (e.g., cost-effectiveness analysis of proposed counter measures).
3) Assist with development of agreed countermeasures and contingency plans.
4) Collect and collate evidence as part of formally conducted and planned reviews of activities, processes, products, or services, including information and communications technology applications.
5) Examine records as part of specified testing strategies for evidence of compliance with management directives, or the identification of abnormal occurrences.

Originally posted on Himalayas