Senior Information Security Strategist

Job Summary:

We are seeking a highly skilled Information Security Specialist to develop, implement, and maintain an Information Security Management System (ISMS) in line with ISO 27001 standards. The ideal candidate will have strong expertise in security governance, risk management, and compliance.

The role involves collaborating with internal stakeholders and third-party security partners to establish robust security policies, implement GRC (Governance, Risk, and Compliance) controls, and conduct regular security assessments to protect the organization's systems and data.

• Information Security Governance:
  • Develop and implement an Information Security Management System (ISMS) aligned with ISO 27001 standards.
  • Coordinate with third-party security partners to develop corporate information security policies and standards and ensure continuous monitoring of security controls, KRIs, and KPIs.
  • Ensure compliance with industry security frameworks, including NIST CSF & CIS Critical Security Controls.
  • Assist in the implementation of GRC controls and measures, performing audits and assessments to mitigate security risks.
• Risk Management & Compliance:
  • Identify, communicate, and manage emerging security threats and vulnerabilities with key stakeholders.
  • Implement firewalls, endpoint security, SIEM, SOC, EDR/XDR, and mobility management tools to enhance security.
  • Conduct risk assessments, security audits, vulnerability scans, and penetration tests to validate security effectiveness.
  • Work with internal IT teams to adopt security best practices and ensure compliance with security policies.
• Security Operations & Incident Management:
  • Monitor security systems and network performance to detect irregular activity and potential security incidents.
  • Collaborate with Managed Security Service Providers (MSSP) to conduct and review security assessments, including penetration testing and vulnerability scanning.
  • Use data encryption, firewalls, and security applications to protect digital information.
  • Validate IT infrastructure and recommend security enhancements to reduce risks and strengthen security posture.
• Business Continuity & Disaster Recovery:
  • Work with third-party security partners and internal IT teams to develop Business Continuity and Disaster Recovery (BCDR) Plans and conduct regular drills.
  • Review, establish, and implement effective disaster recovery strategies.
• Security Awareness & Training:
  • Conduct information security awareness training for employees and ensure adherence to security best practices.
  • Promote a security-first culture within the organization.

• Bachelor's degree in Computer Science, Information Security, or a related field.
• 3+ years of experience in information security operations, risk management, and compliance.
• Strong understanding of ISO 27001, NIST CSF, CIS Critical Security Controls, ITIL, and COBIT.
• Expertise in firewalls, endpoint security, SIEM, SOC, EDR/XDR, mobility management, vulnerability scanning, and penetration testing.
• Certified professionals preferred (CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor).
• Experience working with certified security professionals, auditors, and SOC analysts.
• Strong analytical, problem-solving, and communication skills.

• Knowledge of cloud security, DevSecOps, and threat intelligence.
• Experience in working with security vendors, MSSPs, and security consulting firms.
• Ability to design and implement risk treatment plans for complex security environments.

About This Role:

• Opportunity to work with cutting-edge security technologies and industry best practices.
• Collaborative and fast-paced work environment.
• Continuous learning and professional growth opportunities.