Air Arabia

Data Privacy Information Security Compliance Specialist

3-6 Years
  • Posted 10 days ago

Job Description

Job Purpose

The Information Security Compliance Specialist will perform a comprehensive review of the organization's applications, APIs, and supporting infrastructure to ensure compliance with information security best practices, internal policies, and regulatory frameworks such as NESA, ISO 27001, GDPR, PCI-DSS and industry standards. The specialist will assess current controls, identify security gaps, and produce a detailed audit report outlining findings, risks, and actionable recommendations to strengthen the security posture.

Key Result Responsibilities

  • Conduct end-to-end security compliance reviews for all applications, APIs, and supporting systems.
  • Evaluate system configurations, access controls, data flows, encryption practices, and deployment environments.
  • Review application development and change management processes for secure coding and deployment practices.
  • Assess compliance with NESA, ISO 27001, NIST, GDPR, PCI-DSS and internal information security policies.
  • Identify and document non-compliance areas, control weaknesses, and potential risks.
  • Provide practical, prioritized recommendations for remediation and improvement.
  • Collaborate with application owners, IT, and development teams to validate findings and clarify technical aspects.
  • Deliver a final audit report summarizing the assessment results, risk ratings, and compliance status.
  • Turn the findings into actionable items together with the different stakeholders and keep track of progress.

Qualifications (Academic, Training, Languages)

  • Bachelor's degree in Information Security, Computer Science, IT, or related field.

Work Experience

  • 3-6 years of experience in information security, IT governance, or compliance.
  • Knowledge of regulatory requirements (e.g., GDPR, local data protection laws, etc. depending on jurisdiction).
  • Familiarity with security standards/frameworks (ISO 27001, NIST CSF, SOC 2, COBIT, etc.).
  • Experience with audit processes and vendor security risk management.

Job ID: 134399513