Senior Analyst/Analyst - IT Security & Governance

Position Summary

We are looking for a proactive and detail-oriented Senior/ IT Security Analyst to lead and support enterprise-wide security initiatives. This role plays a critical part in advancing our Governance, Risk, and Compliance (GRC) maturity, enhancing operational security, and fostering a strong security culture across global teams. The ideal candidate will bring deep expertise in ISO 27001, NIS2 alignment, incident response, and modern security technologies.

Key Responsibilities

1. Governance, Risk, and Compliance Excellence

• Maintain ISO 27001 certification through annual internal audits and timely reporting.
• Align the Information Security Management System (ISMS) and security policies with the NIS2 Directive in collaboration with Legal.
• Conduct quarterly Risk Analysis reviews and maintain an up-to-date Enterprise Risk Register.
• Coordinate external audits, ensuring zero major non-conformities.

2. Security Operations and Incident Response

• Monitor and respond to IT Security queries.
• Conduct quarterly firewall port and application access reviews for all critical systems.
• Complete annual security reviews for key applications and maintain updated exception handling processes.

3. Policy, Awareness, and Collaboration

• Lead annual global policy reviews, ensuring alignment with regulatory requirements.
• Organize Cybersecurity Awareness Month and publish monthly “Knowledge Bytes” in collaboration to foster security culture.

4. Strategic Security Initiatives and Capability Building

• Support SIEM implementation with full log integration from critical assets.
• Deploy DLP and other security stack with milestone-based tracking.
• Complete RFPs and vendor security questionnaires.
• Maintain and update the Project Security Manual quarterly.

5. Data Privacy and Protection

• Ensure compliance with GDPR, NIS2, and other applicable data protection regulations across all business units.
• Conduct Data Protection Impact Assessments (DPIAs) for new projects and systems handling personal data.
• Maintain and enforce the Data Processing Agreement (DPA) framework in collaboration with Legal and Procurement teams.
• Monitor and report on data privacy metrics, including incident trends, training completion, and audit findings.

Required Qualifications

• Bachelor’s degree in Information Security, Computer Science, or a related field.
• Minimum 3-8 years of experience in IT security, with a strong background in GRC and operational security.
• Proven experience with ISO 27001, NIS2, and enterprise risk management frameworks.
• Hands-on expertise with SIEM, DLP, vulnerability management, and access control tools.
• Strong analytical, documentation, and stakeholder engagement skills.

Preferred Qualifications

• Professional certifications such as ISO 27001 Lead Auditor/Implementor, CEH, Security+, SSCP or equivalent.
• Experience coordinating external audits and managing cross-regional compliance programs.