Search here...
Speak to a cibersecurity expert
Get in touch for a no obligation quote

    GRC Consultant

    Balwurk > GRC Consultant

    GRC Consultant - Job Details

    Key responsibilities:
    • Define, implement and monitor Governance, Risk & Compliance frameworks in line with client requirements and industry best practice.

    • Conduct Information Security Risk assessments, identifying threats, vulnerabilities, impact and mitigation measures.

    • Support the definition, review and maintenance of security policies, standards, procedures and controls.

    • Conduct gap analyses against standards and frameworks such as ISO 27001, NIST CSF, NIS2 (DL125-2025), amongst others.

    • Monitor internal audits, ensuring the collection of evidence, handling of non-conformities and definition of action plans.

    • Support processes for technology risk management, third-party risk, business continuity and security awareness.

    • Produce technical and executive reports containing conclusions, identified gaps, maturity levels and recommendations for improvement.

    • Collaborate with technical, business and management teams to ensure the implementation and monitoring of defined controls.

    Essential requirements:
    • 2 to 5 years’ practical experience in GRC, Information Security, IT Risk or Compliance roles.

    • Experience in risk assessments, audits, compliance and defining security controls.

    • Good knowledge of frameworks and standards such as ISO 27001, ISO 22301, NIST CSF, or equivalent.

    • Solid knowledge of applicable regulatory and statutory requirements, namely NIS2, GDPR and QNRCS.

    • Experience and ability to draft policies, procedures, executive reports and remediation plans independently.

    • Ability to interact with various stakeholders, from technical teams to management.

    • Mandatory certification: ISO 27001 Lead Auditor.

    • Good command of English (written and spoken).

    • Excellent command of Portuguese (written and spoken).

    What skills do you need to have?
    • Experience in ISO 27001 certification projects.

    • Experience in supplier auditing and third-party risk management.

    • Knowledge of business continuity and disaster recovery.

    • Experience with GRC tools and risk/compliance management platforms.

    • Experience in information security awareness, training and outreach.

    • Knowledge of DORA, NIS2 or other relevant regulatory frameworks.

    • One of the following certifications or equivalents will be an advantage: ISO 27001 Lead Implementer, CRISC, CISA, CISM.

    • GRC

    • Lisbon