GRC & Security Consultant

JOB PURPOSES:

Ensure the organization’s compliance with ISO 27001, SOC 2 readiness, and data protection regulations.
Support IT risk assessment, audit coordination, and security governance activities.

PRINCIPAL ACCOUNTABILITIES:

1. Governance & Compliance

• Maintain and support internal audits of ISO/IEC 27001:2022 and assist in annual external audits.
• Support SOC 2 readiness activities and evidence collection in coordination with technical teams.
• Update and maintain information security policies and standards.
• Ensure compliance with Decree 13/2023/ND‑CP and other applicable data protection regulations.
• Perform periodic access reviews to ensure adherence to the principle of least privilege.

2. Risk Management

• Conduct regular IT systems and process risk assessments using established frameworks.

• Collaborate with stakeholders to develop risk treatment plans and track remediation progress

3. Security Assessment & Client Support

• Coordinate responses to security questionnaires and customer/vendor assessments.

• Act as a liaison between auditors and technical teams to review and validate evidence.

4. Incident, Continuity & Audit Support

• Track internal and external audit findings and ensure corrective actions are completed on time

5. Security Awareness

• Deploy and manage security awareness training programs for employees.

• Bachelor’s degree with major in in Information Security, Computer Science, IT Management or related fields.

• Minimum 3 years of experience working in IT GRC, Information Security, IT Audit or related fields.

• ISO 27001 Internal Auditor or similar. Experience participating in ISO 27001 audits or implementation projects. (nice to have)

• Growth Mindset & One-Team Mindset