Job Description

Governance, Risk, and Compliance (GRC) Specialist

• Perform information security audits
• Develop and maintain security testing plans
• Develop meaningful metrics to reflect the true posture of the information security to make educated decisions based on risk
• Assist with development and delivery of security awareness training
• Carry out risk assessments, identifying controls and monitoring controls against objectives and KPI metrics
• Document, update, and implement security policies, procedures, and other related documents
• Inform and advise team members about obligations to comply with the GDPR and other data protection laws

Required skills and qualifications:

• In-depth knowledge of ISO 27001, ISO 27005, ISO 27701, ISO 20000, ISO 22301 and SOC2 standards
• In-depth knowledge of Information Security Risk Management lifecycle
• S. in Computer Science or Information Systems
• Minimum 3+ years of process documentation experience
• CISA, CISM, or CISSP certified
• Strong knowledge of IT systems, IT technologies, etc.
• Excellent verbal and written communication skills
• Good interpersonal skills