Information Security / GRC Specialist in NDA Recruitment

18 March

NDA Recruitment

Without experience
Kyiv
Full-time work

Translated by Google

About the role

We are looking for an Information Security / GRC Specialist to join the implementation and development of an information security management system (ISMS) in accordance with the ISO/IEC 27001 standard.

This role focuses on governance, risk management and compliance processes in the field of information security. Responsibilities will include developing and maintaining information security policies and procedures, conducting risk assessments, participating in the implementation of security controls, and preparing the organization for internal and external audits.

You will collaborate with technical teams, management and business process owners to ensure effective implementation and compliance with information security requirements in the company.

Responsibilities

  • Support the implementation and further development of the ISMS in accordance with ISO/IEC 27001
  • Development and maintenance of information security policies, procedures and standards
  • Conducting information security risk assessments for business processes, assets and projects
  • Participation in internal and external audits, including preparation of supporting documentation and monitoring the implementation of remediation plans for audit comments
  • Assist in defining and implementing security controls and risk mitigation measures
  • Maintain ISMS documentation (risk registers, policies, procedures, compliance records)
  • Monitor compliance with internal security policies and regulatory requirements
  • Participate in employee information security awareness programs
  • Assist in the preparation of documentation and conducting business continuity exercises (BIA, BCP, DRP) as needed

Requirements

  • 2-4 years of experience in the field of information security, risk management, compliance or GRC
  • Practical experience working with information security policies, procedures and documentation
  • Understanding of the principles of information security risk management
  • Familiarity with the ISO/IEC 27001:2022 standard and experience implementing or supporting ISMS
  • Experience preparing documentation for internal or external audits
  • Strong analytical, organizational and documentation skills
  • Ability to interact effectively with both technical and non-technical stakeholders

Desirable

  • Experience participating in ISO 27001 certification or compliance projects
  • Knowledge of other frameworks and standards (NIST, SOC 2, GDPR, ISO 27005)
  • Understanding of business continuity concepts (BIA, BCP, DRP)
  • Experience with GRC tools or compliance management platforms
  • Certifications related to ISO 27001 (Lead Implementer, Lead Auditor, Foundation)
