Job Description
Aarcalev is looking for an Information Security GRC Consultant to play a key role in delivering cybersecurity governance, risk, and compliance projects across our diverse, multi‑market operations. In this role, you’ll help support our clients in shaping enterprise‑wide GRC strategy, drive regulatory confidence, and embed security accountability across business, technology, and operations.
Key Responsibilities
- Define and execute the Information Security GRC strategy aligned with enterprise risk management and business growth
- Assist in designing, implementing, and maintaining cybersecurity policies, standards, and procedures
- Support the institutionalization of GRC frameworks across multiple markets and business units.
- Monitor adherence to regulatory requirements (e.g., DPDP, GDPR, NDPA, ISO 27001/ISO 20000/ISO 22301, NIST 800-53, SOC 2, DESC, PDPL, PCI-DSS, HIPAA, HITRUST, NIS 2, ISO 21434, etc.). Experience with country-specific regulations such as SAMA and NCA ECC is highly desirable.
- Conduct risk assessments to identify vulnerabilities and compliance gaps.
- Collaborate with stakeholders to recommend mitigation strategies and track remediation progress.
- Support internal and external audits, ensuring timely and accurate documentation.
- Contribute to security awareness initiatives and training programs.
- Stay updated on emerging cybersecurity threats, frameworks, and regulations.
- Provide input to enhance GRC processes and tools for scalability across markets.
- Technical experience and skills in controls design and documentation are highly desirable
Qualifications
- Bachelor’s degree in Information Security, Computer Science, Cybersecurity, Risk Management, or related field
- Professional certifications such as CISM, CRISC, CGEIT, CISSP, ISO 27001 Lead Implementer.
- Ability to work independently in a remote, multicultural environment.
- Strong analytical, organizational, and communication skills.
- Dynamic, hardworking, and eager to grow within a fast-paced global environment.
- 3–5 years of experience in information security, risk management, or compliance roles.
- Experience in cybersecurity governance, risk, and regulatory compliance within organizations
- Knowledge of Indian, global and Middle East data protection and security regulations
- Hands-on experience managing ISO certifications, regulatory audits, and multi-framework compliance programs
- Experience in third-party risk management, policy governance, and enterprise risk reporting
- Flexibility in working hours is required to manage India, Middle East and Africa timings.
What we offer:
- Fully remote role, with travel within or outside India as needed.
- Exposure to complex, multi-market operations and global compliance frameworks.
- Professional growth opportunities in cybersecurity and GRC.
- Collaborative, inclusive, and innovative work culture.
How to Apply
If you’re passionate about cybersecurity governance and eager to grow your career in GRC, we’d love to hear from you! Please submit your CV (mandatory) and a brief cover letter (optional) outlining your interest and relevant experience.