Associate Lead Consultant - GRC and NIST Job

YASH Technologies is a leading technology integrator specializing in helping clients reimagine operating models, enhance competitiveness, optimize costs, foster exceptional stakeholder experiences, and drive business transformation.

At YASH, we’re a cluster of the brightest stars working with cutting-edge technologies. Our purpose is anchored in a single truth – bringing real positive changes in an increasingly virtual world and it drives us beyond generational gaps and disruptions of the future.

We are looking forward to hire NIST Professionals in the following areas :

Position Name: Associate Consultant - GRC, NIST

Job Description:

• We are looking for a senior cybersecurity GRC (Governance, Risk, and Compliance) professional.
• Strong background in GRC frameworks such as NIST CSF, ISO 27001, and similar standards.
• Hands-on experience with risk management processes, security documentation writing, and security assessments.
• Candidates will work closely with different teams within the cybersecurity practice, COEs, business teams, and customer cybersecurity teams.
• Candidate will analyze the cybersecurity risks associated with the implementation of security solutions, secure processes, and computing environment changes.
• Candidates will collaborate with other cybersecurity teams to help clients prioritize and implement risk-mitigating controls and solutions.
• Candidate should also be able to lead the creation of security governance documentation and TTX simulation exercises to support enterprise Incident response.
• Exposure to GRC/Audit tools/platforms is an added advantage

Job Responsibilities:

1. Governance, Risk, and Compliance (GRC): 

• Lead and execute security assessments against recognized frameworks like NIST CSF, ISO 27001, SOC 2, and others.
• Develop, implement, and manage GRC initiatives for customers.
• Perform gap assessments and provide recommendations for compliance and risk mitigation.
• Drive development and maintenance of risk management processes and tools.
• Conduct Business Impact Analysis (BIA) for critical business applications and support continuity planning efforts.

2. Security Documentation and Policy Development: 

• Draft, review, and refine security policies, procedures, and technical documentation.
• Develop security documentation such as risk assessment reports, compliance roadmaps, certification support materials, and security architecture governance artifacts.
• Create documentation to support the establishment and operationalization of Security Architecture Review Boards (SARB), including charters, workflows, and review templates.
• Ensure all documentation aligns with industry best practices and regulatory requirements.

3. Security Assessments: 

• Conduct in-depth security assessments, including readiness assessments for certifications (e.g., ISO 27001 certification audits, NIST CSF Maturity assessments). 
• Evaluate the effectiveness of existing security controls and provide actionable recommendations for improvement. 
• Facilitate security control mapping exercises between frameworks (e.g., ISO 27001, NIST CSF, PCI-DSS, HIPAA, NIS2, DORA etc.). 

4. Incident Response and Tabletop Exercises:

• Design and document incident response tabletop scenarios and playbooks tailored to organizational risks.
• Lead the execution of tabletop exercises involving cross-functional teams to validate incident readiness.
• Analyze results of simulations to identify gaps and enhance incident response capabilities.

5. Collaboration and Stakeholder Management: 

• Work closely with customer security teams to understand their environment, challenges, and objectives. 
• Provide technical and strategic advisory to customers regarding cybersecurity best practices. 
• Act as the primary point of contact for GRC-related initiatives, ensuring clear communication and alignment. 

6. Communication and Reporting: 

• Create detailed reports and presentations tailored for both technical teams and leadership audiences. 
• Communicate technical concepts effectively to non-technical stakeholders. 

7. Training and Awareness: 

• Support security awareness, phishing and training initiatives for customers to enhance their understanding of GRC practices. 
• Mentor team members and provide guidance on GRC activities. 
• Exposure to phishing simulation and awareness tools/platforms added advantage.

8. Required Qualifications and Skills: 

• Experience: 10–15 years of experience in cybersecurity GRC roles, including hands-on exposure to frameworks like ISO 27001, NIST CSF, SOC 2, and others.
• Documentation Expertise: Proven ability to create clear, concise, and technically accurate security policies, procedures, risk reports, playbooks, and governance documents.
• Assessment & Simulation Skills: Experience conducting BIA, security assessments, and tabletop exercises, and developing supporting documentation such as IR scenarios and SARB governance materials.
• Communication: Excellent written and verbal communication skills; ability to engage with both technical and non-technical stakeholders.
• Framework Knowledge: In-depth understanding of governance, risk management, and compliance frameworks and their implementation.
• Certifications: Preferred certifications include ISO 27001 Lead Auditor/Implementer, CISSP, CISA, CISM, CRISC, or other relevant certifications. (Mandatory at least 1)

Soft Skills: 

• Strong stakeholder management and collaboration abilities.
• Ability to work independently and lead GRC initiatives in complex environments.
• Analytical mindset and problem-solving skills. 

At YASH, you are empowered to create a career that will take you to where you want to go while working in an inclusive team environment. We leverage career-oriented skilling models and optimize our collective intelligence aided with technology for continuous learning, unlearning, and relearning at a rapid pace and scale.

Our Hyperlearning workplace is grounded upon four principles

• Flexible work arrangements, Free spirit, and emotional positivity
• Agile self-determination, trust, transparency, and open collaboration
• All Support needed for the realization of business goals,
• Stable employment with a great atmosphere and ethical corporate culture