Information Security GRC Specialist

The Information Security GRC Specialist is responsible for executing day-to-day security and governance activities, such as monitoring compliance with security policies, supporting vulnerability management efforts, and conducting IT security assessments.

KEY FUNCTIONS

• Support the implementation and maintenance of governance frameworks to ensure best practices are applied. Following IT Security Analyst and Governance Analyst advices.
• Assist in developing, implementing, and enforcing policies and procedures to ensure compliance and security across the organization. Assuring compliance after IT tools have been chosen.
• Help to manage regular risk assessments to identify potential risks and vulnerabilities and supports the IT Security Analyst with the development of mitigation strategies.
• Monitor compliance with internal policies and external regulations, assisting in audits and ensuring the organization meets all legal and regulatory requirements.
• Ensure the life cycle, and capacity plan for all security and corporate technology components.
• Assist in identifying, assessing, and managing vulnerabilities in the infrastructure, working closely with the IT Security Analyst and understanding CSIRT reports.
• Maintain detailed documentation of governance and security activities, and prepares reports on compliance status, risk assessments, and security metrics.
• Work closely with the IT Security Analyst and Governance Analyst, to ensure alignment in security and governance activities of Cellnex.
• Assist in developing and delivering training programs to educate employees on governance and security best practices, also, works for self-improvement.
• Identify opportunities for improving governance and security processes and supports the implementation of changes to enhance efficiency and effectiveness. Also, work in self-improvement.

Education :

• University's degree in Computer Science, Information Security, Information Technology, or a related field.
• CompTIA Security+, CISA, CISM, CISSP and Lead Auditor / Implementer ISO 27001 or similar certifications are advantageous.

Relevant Professional Experience

• 2-3 years of experience in IT security, governance, risk, and compliance, or a related technical role.
• Knowledge of main security principles and assuring compliance, IT security and governance and risk management.
• Basic knowledge of IT infrastructure, network security, incident response, and governance frameworks.
• Familiarity with standards and frameworks such as ISO 27001, NIST, and regulatory requirements.

Other relevant Skills or Characteristic

• Ability to maintain accurate records, logs, and documentation essential for compliance and reporting.
• Skilled at identifying security risks, analysing complex data, and troubleshooting security issues.
• Effective communicator with the ability to explain security concepts to both technical and non-technical stakeholders.

ABOUT US

Be part of a large and growing technology company that is redefining the future of telecoms.

We are the European leader in telecommunications infrastructure and technological innovation, a company with strong geographic expansion and ambitious plans for sustainable global growth.

We help people connect and interact with the world, working with passion, honesty and integrity. We are united by our pride and conviction to make a positive impact on society.

A world of professional opportunities. Join a multidisciplinary team that is committed to constant innovation in each business area, pushing the limits and creating value for our stakeholders and society.

We promote Equity, Diversity and Inclusion through inclusive leadership, fostering an environment where each and every one of us is appreciated for who we are, whatever our differences.

J-18808-Ljbffr