GRC Specialist

4 weeks ago


Lahore, Punjab, Pakistan Descon Full time


Job Summary:

We are seeking a skilled Information Security Specialist to develop, implement, and maintain an Information Security Management System (ISMS) in line with ISO 27001 standards. The role involves collaborating with internal stakeholders and third-party security partners to establish robust security policies, implement GRC (Governance, Risk, and Compliance) controls, and conduct regular security assessments to protect the organization's systems and data.

Key Responsibilities:

ISMS & Security Governance:
  • Develop and implement an Information Security Management System (ISMS) aligned with ISO 27001.
  • Coordinate with third-party security partners to develop corporate information security policies and standards and ensure continuous monitoring of security controls, KRIs, and KPIs.
  • Ensure compliance with industry security frameworks, including NIST CSF & CIS Critical Security Controls.
  • Assist in the implementation of GRC controls and measures, performing audits and assessments to mitigate security risks.
Risk Management & Compliance:
  • Identify, communicate, and manage emerging security threats and vulnerabilities with key stakeholders.
  • Implement firewalls, endpoint security, SIEM, SOC, EDR/XDR, and mobility management tools to enhance security.
  • Conduct risk assessments, security audits, vulnerability scans, and penetration tests to validate security effectiveness.
  • Work with internal IT teams to adopt security best practices and ensure compliance with security policies.
Security Operations & Incident Management:
  • Monitor security systems and network performance to detect irregular activity and potential security incidents.
  • Collaborate with Managed Security Service Providers (MSSP) to conduct and review security assessments, including penetration testing and vulnerability scanning.
  • Use data encryption, firewalls, and security applications to protect digital information.
  • Validate IT infrastructure and recommend security enhancements to reduce risks and strengthen security posture.
Business Continuity & Disaster Recovery:
  • Work with third-party security partners and internal IT teams to develop Business Continuity and Disaster Recovery (BCDR) Plans and conduct regular drills.
  • Review, establish, and implement effective disaster recovery strategies.
Security Awareness & Training:
  • Conduct information security awareness training for employees and ensure adherence to security best practices.
  • Promote a security-first culture within the organization.
Qualifications & Experience:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 3+ years of experience in information security operations, risk management, and compliance.
  • Strong understanding of ISO 27001, NIST CSF, CIS Critical Security Controls, ITIL, and COBIT.
  • Expertise in firewalls, endpoint security, SIEM, SOC, EDR/XDR, mobility management, vulnerability scanning, and penetration testing.
  • Certified professionals preferred (CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor).
  • Experience working with certified security professionals, auditors, and SOC analysts.
  • Strong analytical, problem-solving, and communication skills.
Preferred Skills:
  • Knowledge of cloud security, DevSecOps, and threat intelligence.
  • Experience in working with security vendors, MSSPs, and security consulting firms.
  • Ability to design and implement risk treatment plans for complex security environments.
Why Join Us?
  • Opportunity to work with cutting-edge security technologies and industry best practices.
  • Collaborative and fast-paced work environment.
  • Continuous learning and professional growth opportunities.

If you have a passion for cybersecurity and want to play a critical role in safeguarding an organization's digital assets, we'd love to hear from you.

Apply Now

Recruitment@descon.com

Seniority level
  • Mid-Senior level
Employment type
  • Full-time