The Specialist is responsible for developing, implementing, and maintaining the organization's information security governance framework. This role involves identifying and managing security risks, ensuring compliance with relevant regulations and standards. The Specialist will work closely with various departments to ensure that security policies and practices are effectively integrated into business operations.

Key Accountabilities:

• Governance: Develop, implement, and maintain information security policies, standards, and procedures to ensure compliance with regulatory requirements and industry best practices.

• Risk Management: Identify, assess, and manage information security risks. Conduct regular risk assessments and develop mitigation strategies.

• Compliance: Ensure adherence to relevant laws, regulations, and standards (e.g., GDPR, NIST, NIS, ISO 27001). Conduct assessments to verify compliance.

• Reporting: Prepare and present regular reports on the status of information security to management and CISO.

• Vendor Management: review of 3rd party vendors to ensure the security control compliance with the company’s requirements as part of the on-boarding qualification.

• other function requirements: Participate in client and internal audits as a subject matter representing the department. Also participate in answering RFI and security questionnaires send by the clients which relates to infosec.

Skills:

• Technical Proficiency: Strong understanding of information security principles, technologies, and best practices.

• Communication: Excellent written and verbal communication skills. Ability to convey technical information to non-technical stakeholders.

• Project Management: Experience in managing security projects and initiatives.

• Problem-Solving: Strong problem-solving skills and the ability to think critically.

• Attention to Detail: Meticulous attention to detail in documentation and analysis.

Knowledge and Experience:

• Experience: At least 3-5 years of experience in information security, with a focus on governance, risk, and compliance.

• Industry Knowledge: Familiarity with industry-specific regulations and standards.

Education:

• Bachelor's Degree: In Information Security, Computer Science, Information Technology, or a related field.

• Certifications: Relevant certifications such as CISSP, CISM, CRISC, or ISO 27001 Lead Implementor.