Information Security Engineer - GRC

Overall Job Purpose:

Support information security governance, risk, and compliance (GRC) activities through risk assessment, control monitoring, audit support, and enforcement of security policies and standard

Responsibilities:

• Support governance, risk, and compliance (GRC) initiatives across the organization.
• Assist in conducting risk assessments, risk treatment plans, and remediation tracking.
• Support the design, implementation, testing, and monitoring of security controls.
• Assist in drafting and maintaining security policies, standards, procedures, and guidelines.
• Coordinate audit activities and support evidence collection for internal and external audits.
• Monitor compliance with security frameworks and standards such as ISO 27001, NIST, PCI DSS, and COBIT.
• Track security incidents, policy exceptions, corrective actions, and remediation activities.
• Prepare compliance reports, risk reports, and security documentation for management and auditors.
• Support awareness initiatives and communicate security and compliance requirements to stakeholders.

Qualifications

• A bachelor’s degree in Information Security, Cybersecurity, IT, Computer Science, Engineering, or Business.
• Practical understanding of governance, risk management, controls, audits, policy writing, and compliance reporting is more important than pure hands-on technical depth.
• Familiarity with frameworks and standards such as ISO 27001, NIST, PCI DSS, COBIT.

Useful certifications

• ISO 27001 Lead Implementer or Lead Auditor
• CISA
• CRISC
• Risk assessment and treatment.
• Control design, testing, and monitoring.
• Policy, standard, and procedure drafting.
• Audit coordination and evidence collection.
• Incident, exception, and remediation tracking.
• Stakeholder communication and reporting to management, technical teams, and auditors.