Risk Assessments & Management: Conduct regular information security risk assessments and assist in the development and updating of the company's risk register.
Policy Development & Maintenance: Collaborate with key stakeholders to draft, review, and update security and GRC-related policies and procedures.
Incident Response: Participate in incident response planning and execution. Analyze security breaches to identify root cause and recommend corrective actions.
Compliance Audits: Assist in the preparation and coordination of internal and external compliance audits. Manage evidence collection. Address findings and coordinate remediation efforts.
Security Awareness & Training: Contribute to the design and delivery of security awareness programs for staff.
Technical Solutions: Evaluate, recommend, approve, and implement security tools and solutions in line with the company's needs, architecture, and established patterns.
Continuous Monitoring: Monitor security access and firewall logs, investigate anomalies, and escalate security incidents.
Reporting: Generate regular security and GRC reports for senior management, highlighting trends, risks, and recommendations.
Collaboration: Work closely with IT, legal, and other departments to ensure aligned security and compliance efforts.
Vendor Management: Assist with vendor security reviews through a security, privacy, and compliance lens.
You…
Bachelor's degree in Information Technology, Computer Science, or a related field.
3-5 years of experience in information security and GRC roles.
Relevant certifications are a plus, such as CISSP, CISA, CRISC, or CISM.
Must demonstrate initiative and ability to drive results with little oversight.
Must demonstrate strong written and verbal communication skills and consistent follow-through in all efforts.
Demonstrated knowledge of risk management, including analysis of threats and vulnerabilities, control suitability, corrective actions, and monitoring.
Practical experience with risk assessment tools and methodologies.
Strong written and verbal communication skills, with a track record of developing and maintaining risk-related policies.
Familiarity with global and regional regulations, and ability to translate them into internal policies.
Proven ability to respond to and resolve incidents quickly and effectively.
Experience with incident analysis, resolution procedures, and related tools.
Hands-on experience in conducting and managing compliance audits against standards, frameworks, audit methodologies, and best practices (e.g. NIST, CIS, PCI, HITECH, ISO 27001/2, SOC1, SOC2).
Experience with design and implementation of risk and security training programs.
Proficiency in assessing, selecting, deploying, and managing technologies and solutions.
Experience in cloud platforms (e.g. AWS, GCP, Azure).
Experience with common security tools and solutions (e.g., SIEM, IDS/IPS, Firewalls, CSPM, SSPM).
Track record of generating detailed risk reports that offer valuable insights and actionable recommendations.
Analytical mindset and ability to derive meaningful conclusions from complex data sets.
Demonstrated collaborative skills with a history of working effectively across diverse teams to ensure a cohesive approach to security, risk management and compliance.
Familiar with foundational elements of software development and cloud computing and standard approaches to securing them.
Project management skills to drive initiatives from start to finish, managing aspects of design, delivery, and control.