GRC Consultant Risk Management

Luxembourg, Leudelange · Job Posted January 29, 2026

Job Description

Consultant capable of designing and implementing an industrialized process for Risk Management.

Job Responsibility

  • Definition of the Risk Strategy
  • Define, formalise and maintain a structured risk analysis methodology
  • Develop and maintain templates, policies, standards, and guidance documents
  • Build a service offering for risk analysis activities
  • Harmonise practices across teams and ensure alignment with group-wide expectations
  • Industrialisation of the Risk Analysis Process
  • Design automated workflows for generating risk analyses
  • Automate data collection, pre‑population of fields, consolidation and generation of standardised deliverables
  • Continuously improve the process to reduce effort, improve quality and increase consistency
  • Work closely with customers to integrate business and operational constraints

Requirements

  • Good knowledge of cybersecurity frameworks (ISO 27001, NIST CSF, CIS Controls)
  • Skills in IT and security risk management
  • Understanding of regulatory requirements: GDPR, DORA, eIDAS, etc.
  • Ability to draft policies, procedures, standards, and guidelines
  • Ability to coordinate multiple stakeholders (IT, Security, Business teams, HR)
  • Strong ability to produce clear and structured deliverables
  • Knowledge of CSSF constraints is an asset
  • Strong vision and expertise in CyberSecurity processes, especially IT risk analysis
  • Affinity with operational process workflows and their optimisation
  • Strong rigour and attention to detail
  • Proactive mindset and ability to take initiative
  • Strong organisational capabilities
  • Critical thinking and problem‑solving mindset
  • Client‑oriented attitude
  • Creativity, innovation, and ability to resolve complex issues
  • Ability to synthesise and simplify complex information
  • French: read, written, spoken
  • English: read, written, spoken
  • Bachelor’s/Master’s degree (Computer Science, Cybersecurity, Risk Management, Governance, Audit or equivalent)
  • Experience in GRC, cybersecurity, IT risk management, IT audit or compliance

Nice to have

Certifications appreciated: ISO 27001 Lead Implementer / Auditor, ITIL, CISSP, CISM, CISA

What we offer

  • Access to our Sopra Steria training and personal development academy
  • A company car lease or mobility budget
  • A company laptop and mobile phone
  • Private health insurance coverage
  • Meal vouchers
  • Social security and pension plan
  • A competitive salary

Similar Jobs for GRC Consultant Risk Management

8 matching positions

GRC Consultant

Manage and maintain IT Governance, Risk & Compliance (GRC) programs across the o...
Location: India, Bengaluru
Salary: Not provided
AMBC
Expiration Date: Until further notice
Requirements
  • 4 to 5 years of work experience in Information Security, Cybersecurity, IT Risk Management, Compliance, FinTech, SaaS, or BFSI
Job Responsibility
  • Manage and maintain IT Governance, Risk & Compliance (GRC) programs across the organization
  • Conduct IT Risk Assessments and maintain enterprise Risk Registers with mitigation plans
  • Support implementation and compliance activities aligned with NIST CSF 2.0 and ISO 27001:2022 frameworks
  • Coordinate Internal and External Audits, including evidence collection, control testing, and audit readiness activities
  • Manage compliance requirements related to GDPR and India’s DPDP Act
  • Perform Third-Party Risk Management (TPRM) activities, including vendor security assessments and risk evaluations
  • Develop, review, and maintain Information Security policies, standards, procedures, and governance documentation
  • Track audit findings, corrective action plans (CAPs), remediation activities, and compliance gaps
  • Prepare compliance reports, risk dashboards, management updates, and stakeholder communications while working closely with Security, IT, Product, and Legal teams to ensure governance and compliance objectives are achieved
  • Fulltime

Vice President of Enterprise/Operational Risk Management

The Vice President of Enterprise/Operational Risk Management is an organizationa...
Location: United States, New York
Salary: 200000.00 - 240000.00 USD / Year
Robert Half
Expiration Date: Until further notice
Requirements
  • Bachelor's degree in Finance, Business Administration, Risk Management, or related field
  • advanced degree or professional certifications (e.g., CPA, CISA, CRISC, CIA, CRMP, CERP, FRM, CRM, PRM)
  • Minimum of 10+ years of experience in enterprise risk management, operational risk management, risk advisory, strategy/management consulting, Financial Institution Supervision/Regulation, Internal Audit, or related role in the financial services industry, including leadership responsibility
  • Deep knowledge of operational risk frameworks (e.g., the COSO ERM Framework or ISO 31000), governance processes, control strategies, and risk assessment methodologies and regulatory requirements/industry standards for risk management
  • Strong understanding of enterprise/operational risks, third-party risk, resiliency, and data governance disciplines
  • Excellent communication and interpersonal skills, with the ability to effectively engage with senior leadership, audit, regulators, and external stakeholders
  • Comfort working in a rapidly changing, growing business environment with developing risk frameworks and evolving priorities
  • Experience with GRC tool implementation and automating ERM/ORM processes is preferred
Job Responsibility
  • Manage the delivery of the Enterprise Risk Management framework with a focus on continuous improvement
  • Play a leading role in the delivery of ERM/ORM's strategic objectives
  • Participate in risk governance activities
  • Optimize second line risk reporting and visualization standards
  • Maintain and update second line risk policies, standards, and procedures
  • Conduct and oversee periodic risk and control assessments (RCSAs), scenario analyses, and emerging risk reviews across business lines
  • Evaluate risk exposures including operational failures, cyber threats, process weaknesses, third-party risk, and business disruption vulnerabilities
  • Partner with business stakeholders to identify control gaps and define actionable remediation plans
  • Monitor and report on key risk indicators (KRIs) and prepare loss-event analytics, and risk dashboards
  • Provide timely and accurate reporting to executive leadership and board committees
What we offer
  • medical
  • vision
  • dental
  • life and disability insurance
  • 401(k) plan
  • free online training
  • Fulltime

Senior GRC Consultant

The Information Security Analyst will be responsible for maintaining and enhanci...
Location: United Kingdom, London
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • Significant experience in Information Security and GRC
  • Strong understanding of risk management methodologies and international security standards (e.g., ISO 27001, US NIST, TSA, etc.) and the ability to assess risks, identify vulnerabilities, etc.
  • Familiarity with data privacy legislation such as EU GDPR
  • Experience maintaining and auditing Information Security Management Systems (ISMS) in line with ISO 27001
  • Customer service-oriented with the ability to build strong relationships with internal stakeholders
  • Analytical and creative thinking skills, with the ability to identify pragmatic solutions
  • The ability to organize the daily work schedule and delegate where necessary
  • Strong verbal and written proficiency in English and German.
Job Responsibility
  • Maintain the Information Security Management System (ISMS) in accordance with ISO 27001
  • Conduct audit against Telecommunications Security Act (TSA) and other applicable local and regional compliance standards
  • Analyze and evaluate internal projects to identify risks and define appropriate compensatory measures
  • Prepare and present reports on information security including areas for improvement
  • Manage and update content for the information security awareness platform for employees and key suppliers, ensuring up-to-date training on information and cybersecurity best practices
  • Research and recommend security enhancements and improvements.
What we offer
  • We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing
  • Our Learning and Development team ensure that there are continuous growth and development opportunities for our people
  • We also offer the opportunity to have flexible work options.

Technical GRC Consultant

Our client, a leading technology integrator, is in need of a Technical GRC Consu...
Location: United States
Salary: 78.00 - 115.00 USD / Hour
ClearBridge Technology Group
Expiration Date: Until further notice
Requirements
  • SME level knowledge of Governance, Risk and Compliance frameworks
  • FedRAMP Moderate and IL4 knowledge of NIST 800-53 controls as well as a strong understanding of Rev 5
  • Experience working with GRC SaaS products. Paramify, RegScale or Vanta experience is a huge plus
  • Experience working with Python or API based automation in order to write “Fetcher” and “Validator” scripts to automate evidence collection
  • Ability to validate boundary diagrams, data flows, and network architecture against actual cloud configurations
  • Demonstrated ability to develop and deliver training to staff on GRC processes, tools, and implementation best practices
Job Responsibility
  • Working remotely in support of a GRC effort to move legacy ATO documentation into a modern, machine-readable format
  • Supporting a GRC SaaS implementation and should understand how to manage workspaces, program settings and KSI (Key Security Indicators) mapping
  • Creating scripts and validators to automate evidence collection from our client's environment
  • Validating boundary diagrams, data flows and network architecture against actual cloud configurations
  • Developing and delivering training to staff on GRC processes, tools and implementation best practices
What we offer
  • excellent benefits and compensation packages

Lead Cyber Risk Consultant

Whitehall Resources are currently looking for a Cyber Risk Consultant based in C...
Location: United Kingdom, Cheshire
Salary: Not provided
Whitehall Resources Ltd
Expiration Date: Until further notice
Requirements
  • Approximately 8-10+ years of experience in cybersecurity
  • Significant experience in cyber risk management or security consulting roles
  • Prior experience leading risk assessment projects or large-scale security consulting engagements
  • Deep knowledge of cyber risk management practices, including risk assessment methodologies and frameworks (e.g. NIST CSF, ISO 27005, FAIR)
  • Ability to identify, classify, and prioritize cybersecurity risks in a large enterprise environment
  • Strong understanding of IT infrastructure and applications, especially the challenges posed by End-of-Life technologies
  • Advanced analytical skills (“cyber analytics”), including proficiency with risk analysis tools or GRC platforms
  • Proven ability to lead a team or project in a cybersecurity context
  • Excellent organizational skills to manage multiple parallel workstreams
  • Exceptional communication skills, both written and verbal
Job Responsibility
  • Lead Risk Assessments: Plan and conduct a full stock assessment of EOL technologies within the bank
  • Risk Rating & Analysis: Oversee the analysis of identified vulnerabilities and weaknesses and produce risk ratings and reports
  • Residual Risk Reduction: Identify and recommend risk mitigation opportunities to reduce residual risk in legacy platforms and applications
  • Remediation Planning: Collaborate closely with technology owners and engineering teams to develop remediation plans and prioritize fixes or upgrades for EOL systems
  • Project Leadership & Coordination: Coordinate the efforts of the Cyber Risk Analysts, assigning tasks and monitoring progress
  • Stakeholder Engagement: Serve as the primary point of contact for stakeholders
  • Communicate risk findings and status updates
  • Transition to BAU: Ensure that remediation activities and improved risk practices are handed over smoothly to the permanent operational teams

Graduate Associate GRC Consultant

The role involves consulting on and delivering Governance Risk & Compliance (GRC...
Location: United Kingdom, London
Salary: Not provided
Risktec Solutions
Expiration Date: Until further notice
Requirements
  • Bachelor’s degree is mandatory (2:1 or above), ideally in an analytical discipline (e.g., Computer Science, Mathematics, Sciences, IT, Engineering, Economics)
  • Experience in programming or working with analytical tools such as Excel, JavaScript, JSON or REST APIs would be desirable
Job Responsibility
  • Collecting and understanding business requirements required for successful implementations
  • Finding elegant solutions to complex technical problems
  • Participating in the solution development process and ensuring that customer requests and needs are represented within the product
  • Configure and leverage the capability of the ServiceNow platform to meet customer requirements
  • Supporting and managing product lifecycles of existing implementations
  • Developing project and budget management skills
  • Continuously learning and expanding your knowledge within the risk and security space, including staying abreast of new ServiceNow releases and features
  • Direct communication with clients – both in person and online
What we offer
  • 25 days holiday allowance plus public holidays
  • Performance-based annual bonus
  • Private Health Insurance
  • Generous pension Scheme with 7.5% employer contribution
  • Bike to Work Scheme
  • Regular socials
  • Strong career development support
  • Flexible hybrid working model
  • Potential opportunities to work and travel internationally
  • Fulltime

GRC Consultant

The Information Security Manager will play a crucial role in safeguarding the or...
Location: United Kingdom, Birmingham
Salary: Not provided
NTT DATA
Expiration Date: Until further notice
Requirements
  • Significant experience in Information Security and GRC
  • Strong understanding of risk management methodologies and international security standards (e.g., ISO 27001, US NIST, TSA, etc.) and the ability to assess risks, identify vulnerabilities, etc.
  • Familiarity with data privacy legislation such as EU GDPR
  • Experience maintaining and auditing Information Security Management Systems (ISMS) in line with ISO 27001
  • Customer service-oriented with the ability to build strong relationships with internal stakeholders
  • Analytical and creative thinking skills, with the ability to identify pragmatic solutions
  • The ability to organize the daily work schedule and delegate where necessary
  • Strong verbal and written proficiency in English and German.
Job Responsibility
  • Maintain the Information Security Management System (ISMS) in accordance with ISO 27001
  • Conduct audit against Telecommunications Security Act (TSA) and other applicable local and regional compliance standards
  • Analyze and evaluate internal projects to identify risks and define appropriate compensatory measures
  • Prepare and present reports on information security including areas for improvement
  • Manage and update content for the information security awareness platform for employees and key suppliers, ensuring up-to-date training on information and cybersecurity best practices
  • Research and recommend security enhancements and improvements
What we offer
  • We offer a range of tailored benefits that support your physical, emotional, and financial wellbeing
  • Our Learning and Development team ensure that there are continuous growth and development opportunities for our people
  • We also offer the opportunity to have flexible work options

GRC Consultant

In Cyclad we work with top international IT companies in order to boost their po...
Location: Poland
Salary: 110.00 PLN / Hour
Cyclad Sp. z o.o.
Expiration Date: Until further notice
Requirements
  • 3–6 years of experience as a GRC Consultant or in a similar IT security role
  • Solid knowledge of IT risk management, cybersecurity frameworks, and compliance practices
  • Strong understanding of Agile methodologies
  • Experience in vulnerability management and remediation
  • Ability to manage stakeholders and communicate effectively across teams
  • Strong analytical thinking and problem-solving skills
  • Independent, proactive mindset with a consultant approach
Job Responsibility
  • Ensure deployment of security and continuity policies across the organization
  • Influence business decisions to align with security goals and objectives
  • Ensure applications are onboarded into relevant security tools (SAST, AVS, Pentests, SCA, ANON)
  • Promote security by design and security by default principles in software architecture and development
  • Support troubleshooting and debugging of security issues
  • Lead cross-functional vulnerability remediation initiatives
  • Participate in agile ceremonies (Sprint Planning, Backlog Review) with a strong focus on security
  • Provide regular reporting on application security levels and vulnerabilities to IT Risk & Cyber Security stakeholders
  • Share best practices with central IT Risk & Cyber Security teams and other security officers
  • Coordinate and follow up on continuity tests and exercises
What we offer
  • Private medical care with dental care (covering 70% of costs). Family package option possible.
  • Multisport card (also for an accompanying person).
  • Life insurance.
  • Work with talented engineers on large-scale, technically challenging projects.
  • Fulltime