JustJoin.IT Remote work Senior

GRC Assessor

Link Group

⚲ Warszawa, Kraków, Wrocław, Poznań, Gdańsk

120 - 200 PLN/h net (B2B)

Requirements

  • Microsoft Azure
  • AWS
  • Security
  • IAM
  • Google Cloud Platform
  • SOC
  • IT Security assessment
  • GRC
  • risk reviews

Job description

About the Role

We are looking for an experienced GRC Assessor to support a post go-live security assessment following the transition of ICT managed services to a new service provider.

This role focuses on evaluating the effectiveness of implemented security controls in a live environment. It is a non-assurance, point-in-time assessment, requiring a strong ability to review operational evidence rather than perform technical testing or design reviews.

The ideal candidate brings hands-on experience in operational security reviews, particularly within managed services or regulated environments, and is comfortable working with documentation, logs, and governance processes.

Key Responsibilities

  • Perform post-implementation security assessments to evaluate the effectiveness of operational controls after service transition.
  • Review and analyze evidence-based artifacts, including logs, tickets, access records, incident reports, and change records.
  • Assess risks related to service transition and inherited controls, including access provisioning/revocation, logging continuity, and knowledge transfer.
  • Evaluate governance and operational effectiveness across key security domains.
  • Identify gaps, risks, and improvement areas, and provide actionable recommendations.
  • Collaborate with stakeholders across security, IT, and service providers to validate findings and ensure alignment.
  • Prepare clear and structured assessment reports for management and key stakeholders.

Required Skills & Experience

  • Proven experience in GRC, IT security assessments, or operational risk reviews.
  • Experience performing post-go-live / post-implementation reviews in managed services or regulated environments (e.g., public sector, finance, healthcare).
  • Strong understanding of security control domains, including:
      • Identity & Access Management (IAM)
      • Security Operations / Monitoring (SOC)
      • Incident Response
      • Vulnerability and Patch Management
      • Backup & Recovery
      • Change and Configuration Management
  • Experience working with cloud and hybrid environments, including:
      • Microsoft Azure
      • Amazon Web Services
      • Google Cloud Platform
  • Ability to perform evidence-based assessments (not penetration testing or deep technical validation).
  • Strong analytical skills and attention to detail.
  • Experience in stakeholder communication and reporting.

Compliance & Framework Knowledge

  • Familiarity with security frameworks and regulations at a governance and control effectiveness level, including:
      • ISO/IEC 27001
      • NIS2 Directive
      • General Data Protection Regulation