IT GRC Security Specialist

HITO Solutions

Porto

On-site

EUR 35 000 - 50 000

Full-time

Today

Job summary

An international tech consulting company is seeking an IT GRC Security Specialist to support their cybersecurity strategy. You will focus on risk management, compliance frameworks, and security documentation. The ideal candidate has a Bachelor's degree in Cybersecurity or a related field, with over 3 years of relevant experience. Knowledge of ISO standards and GDPR compliance is essential. This role is based in Porto, Portugal.

Qualifications

  • 3+ years of experience in Information Security Governance, Risk, and Compliance.
  • Solid knowledge of ISO 27001, ISO 27005, NIST, IEC 62443.
  • Familiar with GDPR, NIS2 and other regulatory standards.

Responsibilities

  • Support the Information Security Officer in rolling out cybersecurity strategy.
  • Assist in the development of risk management framework.
  • Evaluate the effectiveness of existing security controls.

Skills

Risk management
Cybersecurity frameworks
Auditing skills
Compliance tools
Information Security knowledge

Education

Bachelor's degree in Cybersecurity or related field

Tools

Risk management platforms
Security monitoring systems

Job description

About the job: IT GRC Security Specialist

Our client is an international tech consulting company with 25+ years of experience offering solutions to support companies' businesses and digital transformation.

Responsibilities:

  • Support the Information Security Officer (ISO) in rolling out the company's cybersecurity strategy and program.
  • Assist in the development and deployment of a risk management framework that aligns with corporate objectives and policies.
  • Ensure cybersecurity risk practices are integrated with the organization's overall risk management structure.
  • Offer expert guidance on risk identification, assessment, and mitigation within both IT and OT environments.
  • Evaluate the effectiveness of existing security controls across technical infrastructures.
  • Continuously monitor cyber risks by assessing controls, asset vulnerabilities, threat landscapes, and security incident data.
  • Provide regular updates on emerging risks and trends to risk owners and relevant governance bodies.
  • Create and maintain comprehensive security documentation, including policies, processes, guidelines, contractual clauses, and control libraries.
  • Design and maintain a harmonized IT/OT security architecture aligned with long-term cybersecurity goals.
  • Build a centralized repository of security architecture components such as principles, terminology, service models, frameworks, and reference standards.
  • Assist operational teams in identifying cybersecurity needs and risks in new services, systems, and development initiatives.
  • Lead awareness and training programs to build a security-first culture across all levels of the organization.
  • Supply evidence of risk oversight and control implementation for audits and compliance reviews.
  • Report on the status and development of security initiatives to key business stakeholders.
  • Ensure adherence to security architecture principles and standards.
  • Gather and analyze performance and effectiveness indicators to inform decision-making and improve security posture.

Requirements:

  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a closely related field.
  • Minimum of 3 years of experience in Information Security Governance, Risk, and Compliance (GRC) roles.
  • Solid knowledge of security frameworks such as ISO 27001, ISO 27005, NIST, and IEC 62443.
  • Familiar with relevant regulatory standards, including GDPR, NIS2, etc.
  • Hands-on experience with risk management platforms, compliance tools, and security monitoring systems.
  • Skilled in conducting audits, risk assessments, and control validations.
  • Strong understanding of IT security fundamentals, including cloud environments and network protection.