6-8 years
Information Security Specialist - IT Audit & Compliance (6-8 yrs)
Aritha Consulting Services
posted 17hr ago
Flexible timing
JOB MISSION
We are looking for an experienced Information Security Specialist to join our team and ensure the security of our information systems. The ideal candidate will have a deep understanding of information security practices, risk management, and cybersecurity technologies. In this role, you will be responsible for implementing and managing security measures to protect sensitive data, prevent unauthorized access, and ensure compliance with industry standards and regulations.
QUALIFICATIONS :
Experience :
- 6 to 8 years of experience in information security, cybersecurity, or a related field.
- Strong knowledge of security frameworks, standards, and best practices (e.g., ISO 27001, NIST, CIS).
- Experience with security tools and technologies such as firewalls, intrusion detection/prevention systems (IDS/IPS), SIEM, and endpoint protection.
- Proficiency in conducting security assessments, vulnerability scans, and penetration testing.
- Familiarity with encryption, identity and access management (IAM), and cloud security.
Skills :
- Excellent problem-solving and analytical skills.
- Strong communication and collaboration abilities, capable of working with both technical and non-technical teams.
- Attention to detail and a proactive approach to identifying and addressing security risks.
DUTIES :
Security Strategy and Implementation :
- Develop, implement, and maintain comprehensive information security policies, procedures, and guidelines.
- Design and execute security strategies to protect company assets, including networks, systems, and data.
- Lead security audits, assessments, and penetration testing to identify vulnerabilities and ensure compliance with security standards.
Risk Management :
- Conduct risk assessments to identify potential security threats and vulnerabilities.
- Develop and implement risk mitigation strategies to reduce exposure to cyber threats.
- Monitor and respond to security incidents, including malware infections, data breaches, and unauthorized access.
Compliance and Governance :
- Ensure compliance with relevant security regulations, standards, and frameworks (e.g., GDPR, ISO 27001, NIST).
- Maintain up-to-date knowledge of industry best practices and legal requirements related to information security.
- Prepare and present reports on security metrics, incidents, and risk management activities to senior management.
Security Awareness and Training :
- Develop and deliver security awareness training programs for employees to promote a culture of security within the organization.
- Provide guidance and support to IT teams and other departments on security best practices and threat prevention.
Incident Response and Management :
- Lead the incident response process, including investigation, containment, eradication, and recovery.
- Document security incidents, analyze root causes, and implement corrective actions to prevent future occurrences.
Collaboration and Communication :
- Collaborate with IT, legal, and compliance teams to address security concerns and align security measures with business objectives.
- Communicate complex security concepts clearly to both technical and non-technical stakeholders.
MINIMUM REQUIRED EDUCATION & EXPERIENCE :
- Bachelor's / Master's degree in Computer Science, Information Technology, Cybersecurity, or a related field.
PREFERRED EDUCATION & EXPERIENCE
- Relevant certifications such as CISSP, CISM, CEH, or ISO 27001 Lead Auditor are preferred.
Functional Areas: Software/Testing/Networking