Senior Specialist- Information Security

Position Purpose

Information Security Strategy & Governance

• Develop and implement security strategies and policies aligned with industry standards (e.g., NIST, ISO 27001, CIS) to protect the organization’s data and information systems.
• Advise on security governance and assist in ensuring compliance with regulations (e.g., GDPR, CCPA, HIPAA) and internal security standards.
• Perform security audits and risk assessments to identify vulnerabilities and implement mitigating controls.
• Monitor and track compliance with internal security policies, procedures, and controls.

Risk Management & Incident

• Response Conduct regular risk assessments to identify potential security threats and vulnerabilities across the organization’s IT infrastructure.
• Lead the response to security incidents, ensuring effective containment, investigation, and remediation.
• Coordinate with stakeholders to prepare and update incident response plans and conduct regular tabletop exercises to ensure preparedness.
• Ensure the organization’s data privacy and security policies are continually updated to reflect evolving cybersecurity threats.

Security Architecture & Design

• Collaborate with IT and development teams to design and implement secure system architectures and security protocols.
• Evaluate and recommend security tools, solutions, and technologies that enhance the security posture of the organization.
• Provide input into system and network designs to ensure security best practices are implemented.

Security Operations & Monitoring

• Oversee and manage the monitoring of network traffic, systems, and applications for signs of security breaches and vulnerabilities.
• Implement security measures such as firewalls, intrusion detection systems (IDS), encryption, and access controls.
• Work with IT and security teams to ensure effective patch management, vulnerability scanning, and threat intelligence analysis.
• Continuously monitor emerging security threats and trends to proactively address potential risks.

Training & Awareness

• Lead the development and implementation of information security awareness training programs for employees at all levels.
• Educate staff on security best practices, policies, and procedures to reduce human risk factors (e.g., phishing attacks, social engineering).
• Provide mentoring and guidance to junior information security staff and other internal stakeholders.

Vendor & Third-Party Risk Management

• Assess and manage the security risks associated with third-party vendors, ensuring compliance with security standards and policies.
• Conduct third-party security assessments and audits to ensure that vendors meet the organization's security requirements.

Reporting & Documentation

• Prepare and present regular security reports and risk assessments to senior leadership, providing recommendations for improvement.
• Maintain and update security documentation, including incident logs, vulnerability assessments, risk management plans, and security policies.
• Job specific knowledge and Skills:
• In-depth knowledge of Information Security Governance, Risk Management, and Compliance (GRC).
• Experience with Vulnerability Management, Penetration Testing (VAPT), and Secure SaaS Product Development.
• Strong understanding of SaaS security, cloud security architectures, and DevSecOps methodologies.
• Familiarity with ISO 27001, NIST Cybersecurity Framework, CIS Controls, SOC 2, GDPR, and PCI DSS.
• Ability to engage, influence, and collaborate with senior executives, IT teams, and product teams.
• Strong communication and reporting skills, ensuring executive stakeholders (including the CFO) understand key security risks and required actions.
• Ability to bridge the gap between security, compliance, and business competitiveness in SaaS development.

Qualifications And Relevant Roles And Experience

• Minimum of 5-7 years of experience in information security or cybersecurity, with at least 3 years in a senior or specialized role.
• Proven experience with security technologies, including firewalls, encryption, SIEM tools, IDS/IPS, and endpoint security solutions.
• Experience conducting risk assessments, vulnerability management, and security audits.
• Experience with regulatory requirements such as GDPR, HIPAA, PCI-DSS, or SOX.
• Familiarity with incident response, forensics, and disaster recovery planning.