Спеціаліст з інформаційної безпеки

Job Description: Our company seeks an experienced GRC (Governance, Risk, and Compliance) Senior Consultant to join our team. The ideal candidate will deeply understand GRC frameworks, including ISO 27001, NIST, PCI DSS, EU GDPR, and other relevant regulations. As a GRC Senior Consultant, you will be responsible for working with our clients to develop and implement effective cybersecurity strategies and solutions that align with their business objectives and compliance requirements, including:

• Conduct risk assessments, gap analyses, and compliance assessments for clients across various industries.
• Develop and implement cybersecurity strategies, policies, and procedures that align with client business objectives and compliance requirements.
• Collaborate with clients to design and implement effective controls and remediation plans.
• Provide guidance and recommendations on implementing international standards and frameworks, including ISO 27001, NIST, PCI DCC, GDPR, etc.
• Stay up-to-date on industry trends, emerging threats, and new regulations to ensure clients remain compliant and secure.
• Deliver cybersecurity training and awareness programs to client’s stakeholders, including executives and employees.

Qualifications:

• Strong commitment to professional excellence, taking personal responsibility to raise the bar and deliver impactful results.
• Excellent communication and interpersonal skills, able to effectively engage with stakeholders at all levels.
• Deep understanding of cybersecurity frameworks, such as ISO 27001, NIST, PCI DSS, and EU GDPR, with experience applying this knowledge to inform recommendations and deliverables.
• Ability to plan and execute risk assessments, leveraging cybersecurity frameworks and tools and applying qualitative and quantitative techniques to improve the reliability and validity of assessments.
• Proficient in designing and implementing risk governance structures and processes, devising targeted mitigation plans, and supporting frameworks and tools.
• Strong analytical and problem-solving skills, critically analyzing risk assessment results and thinking independently to generate recommendations and solutions.
• Experience leading analysis of the client's threat landscape, control environment, and cyber capabilities to identify gaps and develop prioritized recommendations to enhance the effectiveness of the client's cyber risk management capabilities
• Bachelor's degree in Computer Science, Information Security, or related field, with 3+ years of experience in GRC consulting, including risk management, compliance assessments, and policy development. Professional certifications, such as ISACA (CISA/CISM, ISC2 (CISSP), PECB (ISO 27001 LA/LI) or equivalent, are preferred.