Qureos

(REMOTE) Information Security & GRC Analyst (Mid-Level)

Company: TeamFicient
Location: Remote
Employment Type: Full-Time
Salary Range: To be discussed (Negotiable for highly experienced candidates)

Work Schedule:

  • Time Range: Between 7 AM and 7 PM CST (Graveyard shift)
  • Working Hours: 9 hours per day (8 working hours + 1-hour break)
  • Days Off: TBD (2 days per week)

Why Join Us?

  • Competitive salary based on experience.
  • Opportunity to grow within an international, people-first organization.
  • Supportive work environment that values innovation, inclusion, and career growth.

Position Overview

This role bridges Information Security Governance and Technical Compliance for our MDR + Compliance platform.

The Information Security & GRC Analyst ensures alignment with frameworks such as ISO 27001, SOC 2 Type II, NIST CSF 2.0, GDPR, HIPAA, and PCI DSS, translating requirements into technical implementation tasks for engineering teams and maintaining audit readiness.

Key Responsibilities

  • Build and maintain the Control Matrix and Statement of Applicability across frameworks.
  • Perform risk and gap assessments, and maintain the risk register and treatment plans.
  • Map framework controls to technical configurations (Azure, AWS, EDR, CI/CD).
  • Collect and validate audit evidence (logs, reports, approvals, tickets).
  • Draft and update policies: Access Control, Incident Response, Secure Development, and Vendor Risk Management.
  • Support data privacy and AI governance tasks (LLM usage, data segregation).
  • Prepare for external audits and track corrective actions.
  • Conduct internal security awareness training sessions.

Qualifications & Must-Haves

  • 3–5 years of experience in Information Security or GRC.
  • Deep knowledge of ISO 27001, SOC 2 Type II, NIST CSF 2.0, GDPR, HIPAA, PCI DSS, ADHICS.
  • Familiarity with cloud security controls (Azure Defender, AWS Security Hub).
  • Strong documentation, communication, and policy writing skills.
  • Experience using compliance automation tools (Drata, Vanta, Secureframe).

Tech Stack & Frameworks:

  • ISO 27001, SOC 2 Type II, NIST CSF 2.0, GDPR, HIPAA, PCI DSS, ADHICS, Azure Security Center, AWS Config, Drata, Vanta, ClickUp, Google Workspace

Education:

  • Bachelor’s or Master’s in Information Security, Computer Science, or Cybersecurity Governance.
  • ISO 27001 Lead Implementer/Auditor or equivalent certification preferred.

Technical/System Requirements

  • Desktop or laptop with Intel Core i7 / i9 or AMD Ryzen 7 / 9 (or higher) processor
  • Minimum 32GB RAM for multitasking and large file handling
  • NVIDIA RTX or AMD Radeon Pro graphics card (recommended)
  • Workstation free from noise and distractions
  • Stable primary internet connection and backup internet
  • USB headset with noise-cancelling microphone
  • Backup power source (generator, UPS, or accessible alternative workspace during outages)

This is a long-term opportunity for an experienced IT professional who is ready to take on a leadership role in a fast-paced, global organization.

Join TeamFicient and help build efficient, secure, and scalable IT operations that empower teams to perform at their best.

Job Type: Full-time

Application Question(s):

  • What is your expected monthly salary for this position (in PKR)?

Work Location: Remote

© 2025 Qureos. All rights reserved.