Information Security Expert

Raqmiyat

UAE · On-site Senior Today

About the role

We are seeking a highly experienced Information Security Expert with strong technical expertise and a solid background in Governance, Risk & Compliance (GRC). The role is primarily hands‑on, supporting security architecture, risk management, and security operations across enterprise environments.

Key Responsibilities

Technical Security

  • Design and review secure architectures (network, cloud, applications) using defense‑in‑depth and zero‑trust principles
  • Perform vulnerability assessments, support penetration testing, and drive remediation
  • Review and validate security configurations across infrastructure, endpoints, and cloud platforms
  • Provide technical guidance on security tools (SIEM, EDR, firewalls, etc.)
  • Stay updated on emerging threats and recommend improvements

Risk Management & GRC

  • Conduct enterprise‑wide security risk assessments and maintain the risk register
  • Develop and track risk mitigation plans aligned with business priorities
  • Ensure compliance with frameworks such as ISO 27001, NIST, CIS Controls
  • Develop and review security policies, standards, and procedures
  • Support audits, compliance reviews, and third‑party/vendor risk assessments

Security Operations Support

  • Work closely with SOC for monitoring, detection, and incident response
  • Support incident investigations, RCA, and remediation
  • Optimize SIEM alerts and security monitoring rules
  • Participate in DR drills and security readiness exercises

Required Qualifications

  • Bachelor’s degree in IT / Computer Science / Information Security
  • 8+ years of experience in Information Security (technical experience preferred)
  • Mandatory experience in GRC, governance, compliance, and policy frameworks
  • Strong knowledge of ISO 27001, NIST, CIS Controls
  • Hands‑on experience with security tools, vulnerability management, and security operations
  • Certifications such as CISSP, CISM, CEH, ISO 27001 LI/LA preferred
  • Cloud security exposure (AWS / Azure / GCP) is a plus

Skills

AWS, Azure, CIS Controls, CISM, CEH, CISSP, EDR, GCP, ISO 27001, NIST, SIEM
