AsiaPay

Information Security GRC Specialist

Job Overview

Key Goal:

The ideal candidate will identify, manage, and prioritize information security and cybersecurity risk across the organization, and ensure the implementation and interpretation of, and compliance with, information security policies and regulatory requirements.

Roles and Responsibilities: 

• Acting as a subject-matter expert on relevant compliance and regulatory frameworks (e.g., ISO standards, PCI, etc.), and staying on top of industry best practices.
• Engaging in risk management and updating playbooks to align with current industry standards, regulatory changes, and best practices.
• Conducting compliance audits to ensure adherence to cybersecurity standards and regulations.
• Providing guidance and support to internal project teams to ensure new systems, applications, or processes are designed and implemented in accordance with Information Security policies and standards.
• Engaging in Third-Party Risk Management (TPRM) by analyzing and minimizing risks associated with outsourcing to third-party vendors or service providers.
• Monitoring and tracking remediation efforts for identified non-compliance issues to ensure timely resolution, including managing policy exceptions and violations.
• Assisting with related security documentation.
• Conducting security awareness and training.
• Engaging in regulatory change management to make sure the company’s policies and practices are adjusted following regulatory updates.
• Preparing reports and documentation of compliance findings and security gaps.
• Supporting cybersecurity operations in configuring security tools and systems such as firewalls, anti-virus, or other related solutions, and analyzing security requirements and recommending improvements.
• Developing and implementing controls to address cybersecurity and compliance needs across an organization.
• Providing after-hours and weekend support whenever required.
• Staying up to date with the latest cybersecurity threats and vulnerabilities.

Education, Experience & Qualifications:

  • Bachelor’s Degree in computer science, cyber security, or related fields.
  • 3 years of experience in information security or a similar role.
  • Strong understanding of ISO27001, PCI DSS, NIST CSF, and other related standards and frameworks.
  • Availability to work flexible hours in a 24/7/365 environment.
  • Working knowledge of security architectures and devices.
  • Working knowledge of technology and security topics including operating systems, network security, protocols, application security, infrastructure hardening and security baselines.
  • Ability to communicate and collaborate with interdisciplinary teams across multiple areas of the business in all required compliance matters.
  • Self-motivated and quick learner.
  • Excellent communication skills, both verbal and written.
  • Ability to multitask and learn new technologies in a fast-paced, energized environment.
