GRC Specialist

Direct message the job poster from Descon

HR Professional | Talent Acquisition | Employee Engagement | Workforce Planning | Talent Management | Recruitment Strategy | Performance Management |…

Job Summary:

We are seeking a skilled Information Security Specialist to develop, implement, and maintain an Information Security Management System (ISMS) in line with ISO 27001 standards. The role involves collaborating with internal stakeholders and third-party security partners to establish robust security policies, implement GRC (Governance, Risk, and Compliance) controls, and conduct regular security assessments to protect the organization's systems and data.

Key Responsibilities:ISMS & Security Governance:

• Develop and implement an Information Security Management System (ISMS) aligned with ISO 27001.
• Coordinate with third-party security partners to develop corporate information security policies and standards and ensure continuous monitoring of security controls, KRIs, and KPIs.
• Ensure compliance with industry security frameworks, including NIST CSF & CIS Critical Security Controls.
• Assist in the implementation of GRC controls and measures, performing audits and assessments to mitigate security risks.

Risk Management & Compliance:

• Identify, communicate, and manage emerging security threats and vulnerabilities with key stakeholders.
• Implement firewalls, endpoint security, SIEM, SOC, EDR/XDR, and mobility management tools to enhance security.
• Conduct risk assessments, security audits, vulnerability scans, and penetration tests to validate security effectiveness.
• Work with internal IT teams to adopt security best practices and ensure compliance with security policies.

Security Operations & Incident Management:

• Monitor security systems and network performance to detect irregular activity and potential security incidents.
• Collaborate with Managed Security Service Providers (MSSP) to conduct and review security assessments, including penetration testing and vulnerability scanning.
• Use data encryption, firewalls, and security applications to protect digital information.
• Validate IT infrastructure and recommend security enhancements to reduce risks and strengthen security posture.

Business Continuity & Disaster Recovery:

• Work with third-party security partners and internal IT teams to develop Business Continuity and Disaster Recovery (BCDR) Plans and conduct regular drills.
• Review, establish, and implement effective disaster recovery strategies.

Security Awareness & Training:

• Conduct information security awareness training for employees and ensure adherence to security best practices.
• Promote a security-first culture within the organization.

Qualifications & Experience:

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3+ years of experience in information security operations, risk management, and compliance.
• Strong understanding of ISO 27001, NIST CSF, CIS Critical Security Controls, ITIL, and COBIT.
• Expertise in firewalls, endpoint security, SIEM, SOC, EDR/XDR, mobility management, vulnerability scanning, and penetration testing.
• Certified professionals preferred (CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor).
• Experience working with certified security professionals, auditors, and SOC analysts.
• Strong analytical, problem-solving, and communication skills.

Preferred Skills:

• Knowledge of cloud security, DevSecOps, and threat intelligence.
• Experience in working with security vendors, MSSPs, and security consulting firms.
• Ability to design and implement risk treatment plans for complex security environments.

Why Join Us?

• Opportunity to work with cutting-edge security technologies and industry best practices.
• Collaborative and fast-paced work environment.
• Continuous learning and professional growth opportunities.

If you have a passion for cybersecurity and want to play a critical role in safeguarding an organization's digital assets, we'd love to hear from you

Apply Now

Recruitment@descon.com

Seniority level

• Mid-Senior level

Employment type

• Full-time

#J-18808-Ljbffr

---