InfoSec & Compliance Specialist

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and
powerful for companies that need to be resilient and compliant. Managed
extended detection and response (MXDR), attack surface management (ASM), breach
and attack simulation (BAS), and advisory services fortify your cybersecurity
across both offense and defense. AI -driven intelligence in our Nopal360°
platform, our NopalGo mobile app, and our proprietary Cyber Intelligence
Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity
posture in real -time. Our service packages are tailored to client needs and
budgets, with external threat analysis provided at no cost—democratizing access
to enterprise -grade cybersecurity for all.

We are looking for a high -energy, results -oriented GRC professional
with 6 to 10 years of experience, combining expertise in IT and
Governance, Risk, and Compliance (GRC). The candidate will report directly
to the CISO’s office and contribute to internal audits and
projects executed under CISO’s instructions.

Key Responsibilities:

• Serve as a subject matter expert on
  information and cybersecurity governance, risk, and compliance (GRC)
  services and solutions.
  
• Execute security assessments of on -premise/cloud
  IT environments aligned with business objectives and regulatory
  requirements.
  
• Conduct testing and validation of IT security
  controls, documenting findings and preparing detailed reports.
  
• Manage and perform internal audits as per
  the CISO’s directives, contributing to risk posture improvements
  and present the metrics to the CISO on a regular basis.
  
• Apply knowledge of the Digital Personal Data
  Protection Act, 2023, and other global data protection laws.
  
• Utilize and manage GRC tools and platforms.
  
• Conduct security control assessments for
  web/mobile applications and enterprise systems.
  
• Drive third -party risk management and support
  client -facing initiatives.
  
• Deliver complex GRC projects in dynamic,
  fast -paced environments.
  
• Engage in knowledge -sharing forums to strengthen
  team capabilities.
  
• Continuously enhance the cybersecurity strategy
  based on evolving threats and technologies.
  

Job Requirements:

1. Qualifications:

• Bachelor’s degree in Engineering or a related
  technology discipline.
  
• Mandatory Certification:
  
• Must possess CISA or ISO 27001 Lead
  Auditor certification.
  
• Additional certifications preferred:
  
• ISO 27001 Lead Implementer
  
• CISSP, CIPP, CCSK, or CCSP
  
• Public Cloud certifications (AWS, Azure, GCP)
  

2. Experience:

• 6 to 10 years of total
  experience with proven exposure to both IT and GRC functions.
  
• Experience in internal audits, consulting, and
  cybersecurity risk advisory.
  

3. Desired Skills:

• Deep understanding of information security
  principles and compliance frameworks.
  
• Strong understanding of the IT topology and
  application development principles
  
• Hands -on experience with security tools (e.g.,
  vulnerability scanners, code review platforms).
  
• Strong exposure to IT/cybersecurity standards:
  ISO 27001/27005, NIST CSF, PCI DSS, SOC 1/2, GDPR, COBIT.
  
• Excellent communication skills, documentation
  abilities, and stakeholder engagement.
  
• Experience in program and project management
  within cybersecurity initiatives.
  

4. Personal Attributes:

• Self -starter with strong problem -solving skills.
  
• Highly motivated and able to work with minimal
  supervision.
  
• Strong prioritization and multitasking abilities
  under pressure.