Job Summary:
We are seeking a highly skilled IT professional with proven experience in IT
compliance, enterprise systems, and cyber security. The ideal candidate will be
responsible for ensuring that IT infrastructure, policies, and practices meet regulatory
standards while implementing and overseeing robust cyber security measures to
protect the organization from internal and external threats.
Key Responsibilities:
Ensure all IT systems and processes are compliant with applicable laws, regulatory
requirements, and industry standards (e.g., ISO 27001, GDPR, IT Act, etc.).
Design, implement, and monitor cyber security protocols to safeguard the
organization’s networks, systems, and data.
Conduct IT risk assessments, cyber security audits, and vulnerability testing on a
periodic basis.
Develop and enforce IT and cyber security policies, procedures, and internal control
mechanisms.
Monitor firewall, intrusion detection/prevention systems (IDS/IPS), endpoint
protection, and anti-virus solutions.
Evaluate and improve access control mechanisms, system hardening, and data
encryption standards.
Identify and address compliance or security gaps across infrastructure, applications,
and cloud environments.
Assist in third-party/vendor evaluations from a cyber security and compliance
standpoint.
Respond to security incidents and breaches, lead root cause analysis, and
implement corrective actions.
Conduct cyber security awareness and training sessions for employees and key
stakeholders.
Collaborate with internal teams to embed security and compliance into IT projects
and operations.
Generate regular reports and dashboards for senior management, highlighting
compliance status, threats, incidents, and mitigation plans.
Required Skills & Qualifications:
Bachelor’s degree in Computer Science, Information Technology, or a related field
(Master’s preferred).
Minimum 5 years of experience in IT systems and compliance, with a focus on cyber
security and enterprise IT.
Strong understanding of security and compliance frameworks: ISO 27001, NIST,
SOC 2, GDPR, IT Act, etc.
In-depth knowledge of cyber security tools and practices, including firewalls,
antivirus, endpoint security, SIEM, and cloud security (AWS/Azure).
Experience in incident management, vulnerability management, and penetration
testing.
Sound understanding of network architecture, backup solutions, access
management, and disaster recovery.
Relevant certifications preferred: CISSP, CISM, CISA, CEH, ISO 27001 Lead
Auditor/Implementer.
Strong analytical skills, attention to detail, and the ability to handle sensitive
information with discretion.
Excellent communication and stakeholder engagement abilities.