Information Security Specialist

Job Title: GRC AnalystThis is a critical role for any organization seeking to drive compliance programs, manage audits, and ensure third-party security risks are effectively identified and mitigated. We are seeking an Information Security professional with expertise in Governance, Risk & Compliance (GRC), Data Protection, and Third-Party Risk Management (TPRM).Governance, Risk & Compliance (GRC)The successful candidate will develop, implement, and maintain information security policies, standards, and procedures. They will conduct risk assessments and drive risk treatment/mitigation plans, ensuring timely closure of findings. Additionally, they will monitor compliance with frameworks/standards such as ISO 27001, NIST, CIS.Develop and Implement Information Security Policies: Create and maintain information security policies, standards, and procedures that align with organizational goals and regulatory requirements.Conduct Risk Assessments: Identify and assess potential risks to the organization's information assets, developing mitigation strategies to address these risks.Monitor Compliance: Ensure ongoing monitoring of compliance with established policies, standards, and regulations, making recommendations for improvement where necessary.Data ProtectionThe ideal candidate will identify and mitigate risks associated with processing of personal and sensitive data. They will oversee data classification, retention, and secure disposal practices, leading initiatives around Data Loss Prevention (DLP). This includes policy finetuning, incident monitoring, and working with stakeholders on data handling improvements.Identify and Mitigate Risks: Conduct thorough risk assessments to identify vulnerabilities in data handling processes, implementing controls to mitigate these risks.Oversee Data Classification: Develop and implement data classification policies, ensuring that sensitive data is properly classified and handled.Lead DLP Initiatives: Design and implement Data Loss Prevention strategies, ensuring that data is properly protected from unauthorized access or disclosure.Third-Party Risk Management (TPRM)The successful candidate will conduct security assessments and due diligence for vendors, partners, and service providers. They will review and evaluate vendor security controls, certifications, and compliance posture, managing the third-party risk lifecycle.Conduct Security Assessments: Perform thorough security assessments of third-party vendors, partners, and service providers, identifying potential risks to the organization.Review Vendor Security Controls: Evaluate the security controls and compliance posture of third-party vendors, partners, and service providers, making recommendations for improvement where necessary.Manage the Third-Party Risk Lifecycle: Oversee the entire third-party risk lifecycle, from onboarding to periodic reviews and issue remediation.Qualifications:Bachelor's degree in Computer Science or Information Security or related field.4–6 years of experience in Information Security roles with focus on GRC, Data Protection, and TPRM.Strong understanding of security standards (ISO 27001, NIST, etc.).Experience conducting risk assessments, vendor due diligence, and compliance reviews.Good knowledge of data protection principles, privacy laws, and security best practices.Excellent documentation, communication, and stakeholder management skills.Preferred Skills:Relevant certifications such as CISM, CISA, ISO 27001, CIPM, or CRISC.Experience with GRC tools (e.g., Archer, ServiceNow GRC, OneTrust, or similar).Knowledge of cloud security and SaaS vendor risk assessments.