GRC Specialist

7 days ago


Lahore, Punjab, Pakistan Descon Full time


Job Summary:

We are seeking a skilled Information Security Specialist to develop, implement, and maintain an Information Security Management System (ISMS) in line with ISO 27001 standards. The role involves collaborating with internal stakeholders and third-party security partners to establish robust security policies, implement GRC (Governance, Risk, and Compliance) controls, and conduct regular security assessments to protect the organization's systems and data.

Key Responsibilities:

ISMS & Security Governance:
  • Develop and implement an Information Security Management System (ISMS) aligned with ISO 27001.
  • Coordinate with third-party security partners to develop corporate information security policies and standards and ensure continuous monitoring of security controls, KRIs, and KPIs.
  • Ensure compliance with industry security frameworks, including NIST CSF & CIS Critical Security Controls.
  • Assist in the implementation of GRC controls and measures, performing audits and assessments to mitigate security risks.
Risk Management & Compliance:
  • Identify, communicate, and manage emerging security threats and vulnerabilities with key stakeholders.
  • Implement firewalls, endpoint security, SIEM, SOC, EDR/XDR, and mobility management tools to enhance security.
  • Conduct risk assessments, security audits, vulnerability scans, and penetration tests to validate security effectiveness.
  • Work with internal IT teams to adopt security best practices and ensure compliance with security policies.
Security Operations & Incident Management:
  • Monitor security systems and network performance to detect irregular activity and potential security incidents.
  • Collaborate with Managed Security Service Providers (MSSP) to conduct and review security assessments, including penetration testing and vulnerability scanning.
  • Use data encryption, firewalls, and security applications to protect digital information.
  • Validate IT infrastructure and recommend security enhancements to reduce risks and strengthen security posture.
Business Continuity & Disaster Recovery:
  • Work with third-party security partners and internal IT teams to develop Business Continuity and Disaster Recovery (BCDR) Plans and conduct regular drills.
  • Review, establish, and implement effective disaster recovery strategies.
Security Awareness & Training:
  • Conduct information security awareness training for employees and ensure adherence to security best practices.
  • Promote a security-first culture within the organization.
Qualifications & Experience:
  • Bachelor's degree in Computer Science, Information Security, or a related field.
  • 3+ years of experience in information security operations, risk management, and compliance.
  • Strong understanding of ISO 27001, NIST CSF, CIS Critical Security Controls, ITIL, and COBIT.
  • Expertise in firewalls, endpoint security, SIEM, SOC, EDR/XDR, mobility management, vulnerability scanning, and penetration testing.
  • Certified professionals preferred (CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor).
  • Experience working with certified security professionals, auditors, and SOC analysts.
  • Strong analytical, problem-solving, and communication skills.
Preferred Skills:
  • Knowledge of cloud security, DevSecOps, and threat intelligence.
  • Experience in working with security vendors, MSSPs, and security consulting firms.
  • Ability to design and implement risk treatment plans for complex security environments.
Why Join Us?
  • Opportunity to work with cutting-edge security technologies and industry best practices.
  • Collaborative and fast-paced work environment.
  • Continuous learning and professional growth opportunities.

If you have a passion for cybersecurity and want to play a critical role in safeguarding an organization's digital assets, we'd love to hear from you.

Apply Now

Recruitment@descon.com

Seniority level
  • Mid-Senior level
Employment type
  • Full-time