Job Description
As our IT GRC Lead, you will be the delivery anchor across governance, risk, and compliance engagements. You convert regulatory requirements into practical controls, steer complex assessments, and mentor consultants to deliver work that is accurate, defensible, and genuinely useful for clients, especially those in highly regulated industries.

Key Responsibilities:
- Own the end-to-end engagement lifecycle: scope, plan, deliver, report, close.
- Design/refresh governance, risk, and control frameworks aligned to COBIT, ISO/IEC 27001, ITIL, etc.
- Lead risk assessments, control design/effectiveness testing, and remediation governance.
- Translate PBI/POJK into actionable control objectives, test steps, and evidence models.
- Review/sign-off deliverables (risk registers, control matrices, test scripts, workpapers, executive reports).
- Build accelerators (templates, control catalogs/mappings) and light automation for evidence.
- Provide on-the-job coaching and formal feedback.

Requirements:
- 7–10+ years in IT audit/tech risk/security/compliance.
- Strong command of COBIT 2019, ISO/IEC 27001:2022, ITIL and control testing/risk methods.
- Hands-on with PBI/POJK programs in financial services or similarly regulated sectors.
- Excellent client communication & executive reporting.
- Comfortable with sampling, evidence strategies, dashboards/KRIs for remediation tracking.
- Exposure to cloud, IAM, data protection, and third-party risk.
- Preferred: CISA, CRISC, CISSP, ISO 27001 LI/LA, ITIL.
- Familiarity with GRC tools.