GRC Consultant

Bengaluru, KA
Governance Risk and Compliance – GRC Consultant
Ushur is transforming the way enterprises communicate and engage with customers. Fueled by consumers’ self-service demands, enterprises are modernizing customer engagement and experience models. Ushur is fast becoming the platform of choice for Customer Experience Automation™, enabling these enterprises to leapfrog their digital native counterparts and deliver delightful customer and employee experiences. With cutting-edge Conversational AI, Machine Learning and Intelligent Process Automation technologies, Ushur has enabled Fortune 100 enterprises, including some of the world’s most well-known brands in the healthcare, insurance, banking and financial services sectors, to automate their customer engagement. Cloud-native, 100% no-code and purely workflow-driven, Ushur empowers citizen developers within business operations teams to build AI-powered, fully automated and omni-channel experiences that digitally transform customer journeys end-to-end.

Role: GRC Consultant
Location: Bangalore

The Role
Ushur is looking for a motivated, passionate GRC Consultant. The GRC Consultant will work with the GRC Director to implement GRC initiatives and the GRC charter for Ushur, and will implement processes to ensure that protection, compliance and certifications are maintained in the organization on an ongoing basis. Where necessary, the consultant should assist the GRC Director in acquiring new certifications and compliances and in initiating and supporting ongoing audits, to mention a few. You will collaborate across various teams and offer support and guidance to product management, customer success and support, system architects, engineering development and quality assurance teams.

- Responsible for implementing the GRC charter in order to improve the overall security & compliance posture of the organization
- Work with external consultants in security and related disciplines, and take part in developing the security mindset of our teams.
- Support & nurture regulations such as CCPA, GDPR, HIPAA, HITRUST, etc.
- Support certification and compliance audit activities e.g., SOC2, HITRUST, ISO 27001 and PCI-DSS
- Contribute towards organization security, focusing on our product & our corporate security hygiene
- Establish policies, procedures, and guidelines.
- Act as the subject matter expert when it comes to security & GRC practices
- Continuously align and improve the GRC processes with various stakeholders, leveraging the existing GRC tools in place, finding out what more is required to support our business processes, and working on overall security governance, risk management, and various audits all year round

- At least 5-10 years of experience in IT with a minimum of 3 years in security/GRC
- Skills in Cloud Concepts, Cloud Security and SaaS Security
- Experience working in an AWS cloud environment is a must
- Experience in drafting policies, procedures, and reports
- Experience with Security Operations will be an advantage
- Must have performed compliance tasks e.g., involved in assessments, risk management, audits, drafting policies, procedures, and reports
- Knowledge of organization accreditation/certifications e.g., SOC2/ ISO 27001/ PCI DSS etc.
- Knowledge of different types of frameworks, regulations, standards, and best practices e.g., NIST CSF, CSA, CIS, HITRUST etc.
- Prior experience using a GRC tool will be an advantage
- DevSecOps/DevOps skills
- Security testing knowledge e.g., SAST, DAST, VAPT etc.
- Vulnerability management skills
- Knowledge of data security and privacy
- Knowledge of the incident response process
- Prior experience of involvement in control implementation will be an advantage
- Knowledge of DR, BCP, malware campaigns, advisories etc.
- Knowledge of EDR, MDR, DLP and any other endpoint protection tool
- Any automation, standardization and templatization skills will be an advantage
- Knowledge of industry regulation on security and privacy e.g., GDPR, CCPA etc.