We are seeking a highly experienced Information Security Expert with strong technical expertise and a solid background in Governance, Risk & Compliance (GRC). The role is primarily hands-on, supporting security architecture, risk management, and security operations across enterprise environments.
Key Responsibilities
Technical Security
- Design and review secure architectures (network, cloud, applications) using defense-in-depth and zero-trust principles
- Perform vulnerability assessments, support penetration testing, and drive remediation
- Review and validate security configurations across infrastructure, endpoints, and cloud platforms
- Provide technical guidance on security tools (SIEM, EDR, firewalls, etc.)
- Stay updated on emerging threats and recommend improvements
Risk Management & GRC
- Conduct enterprise-wide security risk assessments and maintain the risk register
- Develop and track risk mitigation plans aligned with business priorities
- Ensure compliance with frameworks such as ISO 27001, NIST, CIS Controls
- Develop and review security policies, standards, and procedures
- Support audits, compliance reviews, and third-party/vendor risk assessments
Security Operations Support
- Work closely with the SOC on monitoring, detection, and incident response
- Support incident investigations, RCA, and remediation
- Optimize SIEM alerts and security monitoring rules
- Participate in DR drills and security readiness exercises
Required Qualifications
- Bachelor’s degree in IT / Computer Science / Information Security
- 8+ years of experience in Information Security (technical experience preferred)
- Mandatory experience in GRC, governance, compliance, and policy frameworks
- Strong knowledge of ISO 27001, NIST, CIS Controls
- Hands-on experience with security tools, vulnerability management, and security operations
- Certifications such as CISSP, CISM, CEH, ISO 27001 LI/LA preferred
- Cloud security exposure (AWS / Azure / GCP) is a plus