IT Security 5+ years IT Professional 8+ years Project leadership experience 4+ years Experience evaluating and implementing vendor security offerings 4+ years Strong attention to detail Excellent communication skills (written and verbal) Nice to Have Skills: CISSP or equivalent 1 year We are seeking an experienced Information Security Risk & Compliance Specialist to join our dynamic team. In this role, you will be responsible for identifying, analyzing, evaluating, and documenting information security risks and controls. You will also play a key role in measuring, monitoring, and managing risks related to IT, information security, privacy, regulatory compliance, and governance. If you are passionate about maintaining the highest standards of security and compliance, we want to hear from you!Key Responsibilities: Information Security Risk Assessment: Conduct thorough assessments to identify, analyze, evaluate, and document information security risks and controls based on established criteria. Risk Management: Measure, monitor, and manage risks related to the use of IT, information security, privacy, regulatory compliance, and governance. Ensure compliance with industry and government regulations at all levels. Control Implementation: Assist the security team with gap analysis and the implementation of frameworks and standards such as ISO 27001, NIST, and CSC. Engage with stakeholders to identify issues, understand their needs and challenges, and proactively support those needs. Coordination: Provide coordination to the GRC team by setting goals, objectives, and performance metrics. Ensure the team is aligned with the organizations mission and develop strategies to improve the effectiveness of the GRC program. Qualifications: Proven experience in information security risk assessment and management. Familiarity with frameworks and standards such as ISO 27001, NIST, and CSC. Strong understanding of regulatory compliance and governance. Excellent coordination and communication skills. Ability to work effectively with various stakeholders.