Job Description:
Position: GRC Consultant
Location: Northfield, IL
Contract: 06 months

Minimum years of experience: 8+ years

Must Have Skills:
1. GRC Consultant


Detailed Job Description:
Risk Management:

1. Collaborate with CAP in modifying practices, policies and procedures to address gaps while enabling the Supplier to efficiently and effectively provide Security Vulnerability and Risk Assessment Services.
2. Maintain practices, policies and procedures
3. Review and approve Supplier-driven changes to practices, policies and procedures with CAP for approval
4. Mutually conduct IT Infrastructure compliance testing. Testing frequency will be jointly determined.
5. Agree on best course of action until fix is available and agree on plan to implement fix when available

Compliance and Audit:

1. Collaborate with Supplier in adapting practices, policies and procedures to conform to standards
2. Implement practices, policies and procedures to conform to standards
3. Support compliance certification activities
4. Communicate non-compliance and remediation activities to CAP
5. Address non-compliance of practices, policies and procedures
6. Support CAP and other Third-Party compliance audits
7. Communicate proposed changes to CAP
8. Modify security practices, processes and procedures to maintain compliance.

Vendor Risk Management:

1. Vendor risk reviews for all vendor engagements (Business vendor and IT vendors)
2. Conduct due diligence at least once a year for vendors who are supporting CAP
3. Follow-up with the vendor for completing the questionnaire
4. Review the response from the questionnaire
5. Follow up with the vendor for any additional information or supporting documents
6. Report the findings from the vendor review to the CAP Team
7. Entitlement reviews: research and follow up to determine what access is required for these third-party vendor systems, and perform periodic entitlement reviews
8. Perform vendor lite reviews during new vendor selection process.