Information Security & Compliance Specialist

We are seeking a motivated and detail-oriented Information Security professional to support the Chief Information Security Officer (CISO) and the broader Security & Compliance function in maintaining and continuously improving the organization's information security, compliance, governance, and risk management programs.

The successful candidate will work closely with the CISO and cross-functional teams to support compliance initiatives, certification programs, risk management activities, client security assessments, and security governance processes. This role is ideal for professionals seeking to develop their expertise in information security governance, risk, compliance, and audit activities within a leading Managed Security Services Provider (MSSP).

Key Responsibilities

• Support the CISO and the Security & Compliance function in maintaining and improving the organization's information security governance framework.
• Assist in risk assessments, risk treatment activities, vulnerability management oversight, and remediation tracking.
• Support the organization's incident management process, including incident documentation, reporting, lessons learned activities, and tracking of corrective actions.
• Support the maintenance of certification and assurance programs, including ISO/IEC 27001, ISO 22301, ISO 9001, PCI-DSS, CREST, DESC, and other applicable schemes, including preparation for internal, external, and certification audits.
• Support compliance initiatives related to applicable regulatory, contractual, and customer requirements, including NIS2, DORA, GDPR, and other relevant frameworks.
• Contribute to the development, implementation, review, and maintenance of information security policies, procedures, standards, and supporting documentation.
• Assist in third-party and supplier security assessments, due diligence activities, and ongoing compliance monitoring.
• Prepare reports, dashboards, metrics, and management presentations for the CISO and senior stakeholders.
• Maintain accurate documentation related to security controls, risk assessments, audit findings, corrective actions, and compliance activities.
• Support internal and external audits, certification assessments, and client security reviews.
• Collaborate with IT, Engineering, Operations, HR, Legal, and other business functions to promote and integrate security and compliance requirements.
• Support the development and maintenance of security awareness and training materials related to information security, compliance, and regulatory obligations.
• Monitor regulatory developments, emerging threats, industry trends, and best practices relevant to the organization's security and compliance programs.
• Support the CISO in preparing and reviewing responses to client security inquiries, due diligence assessments, audits, questionnaires, and RFPs, ensuring alignment with organizational security controls and compliance frameworks.

Required Qualifications

• Bachelor's degree in Information Security, Computer Science, Information Technology, Business Information Systems, or a related field.
• Minimum 3–5 years of experience in information security, compliance, risk management, governance, audit, or related roles.
• Good understanding of information security and risk management frameworks, including ISO/IEC 27001, ISO 22301, ISO 9001, ISO 31000, NIST Cybersecurity Framework, or CIS Controls.
• Experience supporting audits, certification programs, compliance initiatives, or governance activities.
• Familiarity with regulatory and compliance requirements such as NIS2, DORA, GDPR, PCI-DSS, or similar frameworks.
• Strong organizational, analytical, documentation, and problem-solving skills.
• Excellent verbal and written communication skills in English.
• Ability to manage multiple priorities and work effectively in a dynamic environment.

Preferred Qualifications

• Relevant industry certifications (e.g., ISO 27001 Lead Implementer/Auditor, ISO 22301 Lead Implementer/Auditor, Security+, CySA+, CEH).
• ISACA certifications are a plus (e.g., CISM, CISA, CRISC).
• Experience supporting information security governance, compliance, risk management, audit, certification, or assurance activities within a cybersecurity company, MSSP, consulting, or regulated environment.
• Knowledge of cloud security principles and services (AWS, Azure, or GCP).
• Experience with Governance, Risk & Compliance (GRC) platforms and related workflows is a plus.

Key Competencies

• Strong analytical and problem-solving skills.
• Excellent written and verbal communication skills.
• Attention to detail and structured thinking.
• Strong documentation and reporting capabilities.
• Ability to communicate technical concepts to non-technical stakeholders.
• Proactive mindset with a willingness to learn and develop.
• Ability to work under pressure and manage multiple priorities.
• Strong collaboration and stakeholder management skills.

Benefits

• Competitive salary and performance-based bonuses
• Opportunity to work directly with the CISO and gain strategic exposure
• Professional development opportunities and certifications
• Flexible work schedule and semi-remote work options
• Collaborative and innovative work environment