Job Statement :

cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages are tailored to client needs and budgets, with external threat analysis provided at no costdemocratizing access to enterprise-grade cybersecurity for all.

We are looking for a high-energy, results-oriented GRC professional with 6 to 10 years of experience, combining expertise in IT and Governance, Risk, and Compliance (GRC). The candidate will report directly to the CISOs office and contribute to internal audits and projects executed under CISOs instructions.

Key Responsibilities :

- Serve as a subject matter expert on information and cybersecurity governance, risk, and compliance (GRC) services and solutions.

- Execute security assessments of on-premise/cloud IT environments aligned with business objectives and regulatory requirements.

- Conduct testing and validation of IT security controls, documenting findings and preparing detailed reports.

- Manage and perform internal audits as per the CISOs directives, contributing to risk posture improvements and present the metrics to the CISO on a regular basis.

- Apply knowledge of the Digital Personal Data Protection Act, 2023, and other global data protection laws.

- Utilize and manage GRC tools and platforms.

- Conduct security control assessments for web/mobile applications and enterprise systems.

- Drive third-party risk management and support client-facing initiatives.

- Deliver complex GRC projects in dynamic, fast-paced environments.

- Engage in knowledge-sharing forums to strengthen team capabilities.

- Continuously enhance the cybersecurity strategy based on evolving threats and technologies.

Mandatory Certification :

- Must possess CISA or ISO 27001 Lead Auditor certification.

Additional certifications preferred :

- ISO 27001 Lead Implementer

- CISSP, CIPP, CCSK, or CCSP

- Public Cloud certifications (AWS, Azure, GCP)

- 6 to 10 years of total experience with proven exposure to both IT and GRC functions.

- Experience in internal audits, consulting, and cybersecurity risk advisory.

- Deep understanding of information security principles and compliance frameworks.

- Strong understanding of the IT topology and application development principles

- Hands-on experience with security tools (e.g., vulnerability scanners, code review platforms).

- Strong exposure to IT/cybersecurity standards : ISO 27001/27005, NIST CSF, PCI DSS, SOC 1/2, GDPR, COBIT.

- Excellent communication skills, documentation abilities, and stakeholder engagement.

- Experience in program and project management within cybersecurity initiatives.