Join Our Team

Consultant, GRC

Company Description: HTS Consulting is a leading cybersecurity consulting firm based in Bengaluru. We specialize in empowering businesses with cutting-edge solutions to elevate their cybersecurity standards. Our comprehensive approach goes beyond basic defense, offering deep industry knowledge in Banking, Payments, IT, and ITES. We provide unmatched vulnerability detection through thorough assessments and unwavering security guidance to mitigate risks and ensure compliance.

Role Description

This is a full-time, on-site role for a Consultant, GRC at HTS Consulting. The Consultant will ensure compliance with industry regulations, build a robust security posture, and foster a culture of cybersecurity awareness within the organization.

Key Responsibilities:

  • Maintain awareness of relevant compliance requirements.

  • Coordinate with internal teams to implement and maintain compliance procedures.

  • Support internal audits and assessments.

  • Prepare and maintain compliance documentation.

Qualifications:

  • Bachelor’s Degree in any field.

  • 5+ years of experience in compliance management roles.

  • Excellent communication skills.

  • Ability to build and implement effective compliance programs.

  • Working knowledge of industry regulations such as PCI-DSS, ISO 27001, ISO 27701, SOC 2 Type II.

  • Good understanding of vulnerability management and risk assessment.

  • Experience in conducting security audits and assessments.

  • Detail-oriented with strong analytical and problem-solving abilities.

  • ISO 27001 Lead Auditor Certification.

Key Activities:

  • Daily: SIEM monitoring, log monitoring and review, WAF review, MDR & EPP review.

  • Weekly: Compliance summary report.

  • Monthly: Employee file verification, HR user list updates, security awareness for new joiners, various register reviews (visitor, employee, inward/outward, security guard attendance), O365 user access, privilege access register, CCTV footage review, Patch Tuesday mailer, compliance summary report, risk register, AWS S3 bucket review, IAM SOD matrix, policy and procedure mailer, risk summary report, user access review, ASV scan, external and internal VA, PIM/PAM & DAM, OS obsolescence, OSINT testing, security group review, PCCB reports review, vendor checklist, AV update review, AWS server inventory, GitHub/GitLab user access review, AWS OpenVPN user access review, AWS & AWS DB privilege access register.

  • Quarterly: Physical and IT asset inventory, secure SDLC training, backup restoration, firewall rule review, internal & external pen testing.

  • Annual: Roles & responsibilities and org chart review, employee and job handbook, mock fire drill review, ISO 27001 internal & external audit, SOC 2 audit, PCI DSS audit, BCP/DR drill, risk register review, board of directors review list, cloud security assessment, source code review report, information security awareness training, IT roles & responsibilities matrix review, application security assessment report, phishing exercise, SAR/DAR audit, RBI audit, policy procedures and SOP, network architecture diagrams review, API security assessment, third-party risk assessment.

Share your details here, and we will get back to you at the earliest.
