Global Security Services - GRC Security Specialist

GRC Security Specialist

Role Summary:

The ISMS Specialist / GRC Analyst / Information Security Analyst is responsible for supporting, maintaining, and continuously improving the organization’s Information Security Management System (ISMS) in line with international standards (e.g., ISO/IEC 27001 and NIST). The role ensures that information security steering documents and associated controls are implemented, monitored, and effective, and that compliance with regulatory and internal requirements is maintained. The specialist acts as a subject matter expert, providing guidance and support across the organization on GRC (Governance, Risk & Compliance)-related matters. 

Key responsibilities:

• Maintain and improve the ISMS framework, policies, directives, and internal standards. 

• Coordinate and support internal and external information security assessments. 

• Monitor compliance with information security policies and standards. 

• Support risk assessments and risk treatment activities within Information Security. 

• Monitor and report on Information Security performance metrics. 

• Provide training and awareness on ISMS topics. 

• Liaise with stakeholders to ensure alignment with business objectives and regulatory requirements. 
• Third-party risk assessments and Security assessments internally 

Responsibilities and authorities

List of responsibilities and authorities: 

• Authorized to access and manage ISMS documentation and records. 

• Can recommend and initiate corrective and preventive actions within the ISMS scope. 

• May have authority to approve certain ISMS-related changes or exceptions. 

• No direct budget or personnel responsibility unless otherwise specified. 

• Reports to the Group Information Security Risk & Compliance Manager on ISMS matters. 

Key competences:

List of key competences

• In-depth knowledge of ISMS frameworks (especially ISO/IEC 27001 and NIST). 

• Strong understanding of information security risk management as well as management systems. 

• Analytical and problem-solving skills. 

• Effective and easy to understand communication and stakeholder management. 

• Project management abilities. 

Requirements:

• Education: Bachelor’s degree in computer science, information security or related field. 

• Relevant certifications (e.g., ISO/IEC 27001 Lead Implementer/Auditor, CISM)

Languages:

Fluent in English

Computer skills:

Other:

Experience:

8+ years in information security or a related field, preferably in a global or enterprise environment.

Personal qualities:

List of personal qualities

• Very Detail-oriented and thorough. 

• High integrity and confidentiality. 

• Proactive and self-motivated. 

• Strong organizational and planning skills. 

• Ability to work independently and as part of a team.