GRC Specialist


Job Overview

Hiring at Descon!

We are looking for a GRC Specialist for our IT function at Descon.

We need a skilled Information Security Specialist to develop, implement, and maintain an Information Security Management System (ISMS) in line with ISO 27001 standards. The role involves collaborating with internal stakeholders and third-party security partners to establish robust security policies, implement GRC (Governance, Risk, and Compliance) controls, and conduct regular security assessments to protect the organization’s systems and data.

Key Responsibilities:

ISMS & Security Governance:

- Develop and implement an Information Security Management System (ISMS) aligned with ISO 27001.
- Coordinate with third-party security partners to develop corporate information security policies and standards and ensure continuous monitoring of security controls, KRIs, and KPIs.
- Ensure compliance with industry security frameworks, including NIST CSF & CIS Critical Security Controls.
- Assist in the implementation of GRC controls and measures, performing audits and assessments to mitigate security risks.

Risk Management & Compliance:

- Identify, communicate, and manage emerging security threats and vulnerabilities with key stakeholders.
- Implement firewalls, endpoint security, SIEM, SOC, EDR/XDR, and mobility management tools to enhance security.
- Conduct risk assessments, security audits, vulnerability scans, and penetration tests to validate security effectiveness.
- Work with internal IT teams to adopt security best practices and ensure compliance with security policies.

Security Operations & Incident Management:

- Monitor security systems and network performance to detect irregular activity and potential security incidents.
- Collaborate with Managed Security Service Providers (MSSP) to conduct and review security assessments, including penetration testing and vulnerability scanning.
- Use data encryption, firewalls, and security applications to protect digital information.

Qualifications & Experience:

- Bachelor’s degree in Computer Science, Information Security, or a related field.
- 3+ years of experience in information security operations, risk management, and compliance.
- Strong understanding of ISO 27001, NIST CSF, CIS Critical Security Controls, ITIL, and COBIT.
- Expertise in firewalls, endpoint security, SIEM, SOC, EDR/XDR, mobility management, vulnerability scanning, and penetration testing.
- Certified professionals preferred (CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor).
- Experience working with certified security professionals, auditors, and SOC analysts.

Preferred Skills:

- Knowledge of cloud security, DevSecOps, and threat intelligence.
- Experience in working with security vendors, MSSPs, and security consulting firms.
- Ability to design and implement risk treatment plans for complex security environments.

📩 Apply Now!
recruitment@descon.com

  • This job has expired!
  • Location Lahore