Job Search and Career Advice Platform

Enable job alerts via email!

Consultant - ISMS/GRC

Inbox Business Technologies

Pakistan

On-site

PKR 1,200,000 - 1,500,000

Full time

29 days ago

Generate a tailored resume in minutes

Land an interview and earn more. Learn more

Job summary

A leading technology consulting firm in Pakistan is seeking a Consultant with expertise in ISO 27001 and IT GRC frameworks. The ideal candidate will have hands-on experience in gap assessments, risk assessments, and compliance regulations. Duties include supporting compliance programs, developing security policies, and conducting security training. Strong communication and documentation skills are essential for success in this role.

Qualifications

  • Minimum 3–4 years of experience in ISMS and IT GRC consulting.
  • Familiarity with ISO 27001 gap assessments and audits.
  • Strong stakeholder engagement and report writing skills.

Responsibilities

  • Implement and maintain ISO 27001-based Information Security Management Systems.
  • Conduct risk assessments and develop mitigation strategies.
  • Prepare documentation for ISO 27001 certification audits.

Skills

Documentation skills
Risk assessment
Communication skills
Project management
Analytical skills

Education

Bachelor's degree in Information Security
Master's degree in IT-related field

Tools

ISO 27001
COBIT
ITIL
NIST
Job description
Job Summary

We are seeking a Consultant with proven experience in implementing and maintaining ISO 27001-based Information Security Management Systems (ISMS) and IT Governance, Risk, and Compliance (IT GRC) frameworks. The ideal candidate will have hands‑on expertise in ISO 27001 gap assessments, risk assessments, policy development, and certification audit preparation, along with working knowledge of standards such as NIST, NCA, SAMA, COBIT, and ITIL. This role involves supporting compliance programs, developing security controls, conducting awareness training, and assisting clients in aligning IT strategies with regulatory requirements including GDPR, HIPAA, and PCI‑DSS. Strong documentation, auditing, and communication skills are essential.

ISMS Responsibilities
  • Experience of implementation and maintenance of ISO 27001-based Information Security Management Systems (ISMS).
  • Perform gap assessments to identify areas of non‑compliance and assist in remediation planning against various standards & frameworks like NIST, NCA, SAMA, etc.
  • Participate in risk assessments and help develop mitigation strategies.
  • Developing ISMS policies, procedures, and security controls aligned with ISO 27001 standards.
  • Prepare documentation and provide support during ISO 27001 certification audits.
  • Conduct security awareness training and incident management processes.
IT GRC Responsibilities
  • Assist in developing and implementing IT governance frameworks (COBIT, NIST, ITIL).
  • Support IT risk assessments, compliance audits, and regulatory reporting activities.
  • Help clients align IT strategies with their business goals while ensuring compliance with regulations like COBIT, GDPR, HIPAA, SOX, etc.
  • Support in developing and maintaining IT compliance programs and policies.
  • Contribute to the development and implementation of GRC tools and processes.
  • Participate in internal audits and help clients prepare for external certification audits/compliance checks.
Required Qualifications & Experience
  • Minimum Bachelor’s degree in Information Security, Computer Science, or a related field.
  • Certifications (preferred): ISO 27001 Lead Implementer / Lead Auditor, CISM, CRISC, or COBIT Foundation.
  • 3–4 years of experience in ISMS and IT GRC consulting, auditing, or implementation.
  • Familiarity with ISO 27001 gap assessments, risk assessments, and audits.
  • Basic knowledge of IT governance frameworks (COBIT, NIST, ITIL, etc.)
  • Understanding of regulatory compliance such as GDPR, NIST, and PCI‑DSS.
  • Strong documentation, report writing, and communication skills are a must.
  • Master’s or Bachelor’s degree in Information Technology, Computer Science, or IT-related field.
  • ITIL Expert/Managing Professional, ISO 20000 Lead Implementer / Lead Auditor, ISO 22301 Lead Implementer / Lead Auditor, CBCP (Certified Business Continuity Professional).
  • 6–8 years of experience in ITSM and BCMS consulting or related roles.
  • In‑depth knowledge of ITIL, ISO 22301, and other relevant frameworks/regulations.
  • Practical experience in ISO 22301 implementation, BIA, DR planning, and BCMS assessments.
  • Familiarity with IT compliance standards such as ISO 27001, COBIT, and NIST, NCA.
  • Excellent analytical, problem‑solving, and decision‑making skills.
  • Proven ability to manage multiple projects and clients simultaneously.
  • Experience in conducting internal and external audits related to ITSM and BCMS.
  • Strong stakeholder engagement, report writing, and project management skills.
Get your free, confidential resume review.
or drag and drop a PDF, DOC, DOCX, ODT, or PAGES file up to 5MB.
TrustpilotImage showing a rating of 4.5 out of 5 stars on Trustpilot for JobLeads, indicating a high level of customer satisfaction.
Rated “Excellent” based on 19,141 reviews