Senior Specialist- Information Security

Position Purpose:

Support the Information Security function to ensure the security of information assets and help in all assurance activities related to the availability, integrity and confidentiality of the customers, business partners, employees and business information, in compliance with the organization information security policies and standards.

Role description:

Information Security Strategy & Governance

• Develop and implement security strategies and policies aligned with industry standards (e.g., NIST, ISO 27001, CIS) to protect the organization’s data and information systems.
• Advise on security governance and assist in ensuring compliance with regulations (e.g., GDPR, CCPA, HIPAA) and internal security standards.
• Perform security audits and risk assessments to identify vulnerabilities and implement mitigating controls.
• Monitor and track compliance with internal security policies, procedures, and controls.

Risk Management & Incident

• Response Conduct regular risk assessments to identify potential security threats and vulnerabilities across the organization’s IT infrastructure.
• Lead the response to security incidents, ensuring effective containment, investigation, and remediation.
• Coordinate with stakeholders to prepare and update incident response plans and conduct regular tabletop exercises to ensure preparedness.
• Ensure the organization’s data privacy and security policies are continually updated to reflect evolving cybersecurity threats.

Security Architecture & Design

• Collaborate with IT and development teams to design and implement secure system architectures and security protocols.
• Evaluate and recommend security tools, solutions, and technologies that enhance the security posture of the organization.
• Provide input into system and network designs to ensure security best practices are implemented.

Security Operations & Monitoring

• Oversee and manage the monitoring of network traffic, systems, and applications for signs of security breaches and vulnerabilities.
• Implement security measures such as firewalls, intrusion detection systems (IDS), encryption, and access controls.
• Work with IT and security teams to ensure effective patch management, vulnerability scanning, and threat intelligence analysis.
• Continuously monitor emerging security threats and trends to proactively address potential risks.

Training & Awareness

• Lead the development and implementation of information security awareness training programs for employees at all levels.
• Educate staff on security best practices, policies, and procedures to reduce human risk factors (e.g., phishing attacks, social engineering).
• Provide mentoring and guidance to junior information security staff and other internal stakeholders.

Vendor & Third-Party Risk Management

• Assess and manage the security risks associated with third-party vendors, ensuring compliance with security standards and policies.
• Conduct third-party security assessments and audits to ensure that vendors meet the organization's security requirements.

Reporting & Documentation

• Prepare and present regular security reports and risk assessments to senior leadership, providing recommendations for improvement.
• Maintain and update security documentation, including incident logs, vulnerability assessments, risk management plans, and security policies.

Job specific knowledge and Skills:

• In-depth knowledge of Information Security Governance, Risk Management, and Compliance (GRC).
• Experience with Vulnerability Management, Penetration Testing (VAPT), and Secure SaaS Product Development.
• Strong understanding of SaaS security, cloud security architectures, and DevSecOps methodologies.
• Familiarity with ISO 27001, NIST Cybersecurity Framework, CIS Controls, SOC 2, GDPR, and PCI DSS.
• Ability to engage, influence, and collaborate with senior executives, IT teams, and product teams.
• Strong communication and reporting skills, ensuring executive stakeholders (including the CFO) understand key security risks and required actions.
• Ability to bridge the gap between security, compliance, and business competitiveness in SaaS development.

Qualifications And Relevant Roles/Experience:

• Minimum of 5-7 years of experience in information security or cybersecurity, with at least 3 years in a senior or specialized role.
• Proven experience with security technologies, including firewalls, encryption, SIEM tools, IDS/IPS, and endpoint security solutions.
• Experience conducting risk assessments, vulnerability management, and security audits.
• Experience with regulatory requirements such as GDPR, HIPAA, PCI-DSS, or SOX.
• Familiarity with incident response, forensics, and disaster recovery planning.