GRC Advisor

Your Role

• Operate and maintain the ISMS lifecycle, including process management, scheduling, evidence collection, and ensuring continuous compliance with ISO/IEC 27001 standards.
• Manage information security policies and standards by drafting, reviewing, publishing, and maintaining documentation with proper version control and approval workflows.
• Plan and execute internal audits and control testing, document findings, and drive closure of corrective and preventive actions (CAPA).
• Support risk and compliance activities including risk assessments, control mapping, exception handling, and implementation of risk treatment plans.
• Ensure audit readiness through effective evidence management, maintaining artefacts (SoA, risk register, logs), and supporting external audits and compliance reporting.

Your Profile

• Strong experience in Information Security Management Systems (ISMS) operations aligned with ISO/IEC 27001 standards.
• Proven expertise in policy lifecycle management, internal audits, control testing, and compliance tracking.
• Knowledge of risk management practices including risk assessment, treatment planning, and compliance monitoring.
• Experience with cloud security and privacy frameworks, especially ISO 27017 and ISO 27018 for cloud and PII protection.
• Ability to manage audit artefacts, reporting dashboards, metrics, and stakeholder communication for compliance visibility.

What you will love working in Capgemini

• Be a key contributor in strengthening enterprise security posture through robust ISMS operations and compliance frameworks.
• Collaborate with cross-functional teams to deliver secure, compliant, and audit-ready environments across cloud and on-prem systems.
• Clear career progression paths from security operations roles to governance, risk, and compliance (GRC) and architecture roles.
• Be part of mission-critical projects that ensure security, compliance, and operational efficiency for Fortune 500 clients.