Information Security Officer

Permanent role

Responsibilities:

• Establish and upkeep a structured GRC framework with industry-aligned controls to address specific business threats.
• Evaluate, prioritize, and revise existing IT security policies to align with compliance standards.
• Conduct risk assessments for new IT projects, identifying potential vulnerabilities and recommending protective measures.
• Lead to ensure effective governance through the Third Party Risk Management program.
• Continuously assess the effectiveness of GRC standards in mitigating IT risk.
• Collaborate with Internal Audit and IT teams to maintain compliance with company IT security policies.
• Define GRC framework metrics, maintain a management dashboard, and generate an annual GRC framework compliance report for executives.
• Provide training and support to management and employees on GRC programs.
• Partner with internal and third-party IT security experts to stay updated on industry trends, controls, and security technologies.

Preferred Qualifications:

• A technical bachelor's degree (e.g., Computer Science, MIS, Engineering, or Mathematics) is highly desirable.
• Experience in establishing, implementing, and maintaining a GRC framework in a diverse business setting.
• Practical experience in assessing compliance with common standards like ISO 27001/27002/27005 and IT security risk frameworks such as the NIST Cybersecurity Framework.
• Proficiency in IT risk modeling.
• Strong problem-solving skills, including the ability to create innovative risk management solutions.
• Effective and precise English communication skills for job requirements.
• Strong work habits, a diligent work ethic, quick adaptability to new technology, and adherence to company policies and professional etiquette.
• Experience in network, host, data, or application security.
• Knowledge of security methodologies.
• Familiarity with security tools and concepts.

Information Security Responsibilities:

• Monitor security logs for system and network irregularities and perform initial analysis.
• Respond to suspicious incidents reported by users.
• Evaluate firewall change requests and assess risks, including email security monitoring.
• Collect and analyze logs from various security tools.
• Support IT operations with remediation and application events.
• Conduct initial forensic assessments of internal systems.
• Assist in log collection from various sources.
• Communicate technical assessment outcomes and assist in policy development.
• Identify and address configuration changes affecting event collection.
• Prepare reports on analysis methods.
• Maintain Standard Operating Procedures.

Offered benefits:

• Competitive salary, bonus, fixed expense allowance, and working from home allowance.
• 30 vacation days (full-time basis) with the option to buy or sell days.
• Travel expense reimbursement with an NS business card or travel allowance.
• Provided laptop and iPhone for both professional and personal use.