Information Security (GRC) Specialist

Primary Purpose

With a primary focus on overall compliance within BMIT Technologies, the Information Security Specialist will be responsible for the implementation and maintenance of controls, processes and audits related to BMIT Technologies’:

  • Information Security Management System (ISMS);
  • PCI DSS Compliance;
  • GDPR;
  • Project/programme management framework.

Overall, this would include:

  • Overall management of BMIT Technologies’ compliance programmes including ISMS and PCI DSS;
  • The implementation and maintenance of policies and procedures;
  • Leading security awareness campaigns across the organisation;
  • Supporting the internal teams with regulatory security requirements, focusing on ISO27001:2013 and PCI DSS;
  • Project and Programme management of the company’s strategic initiatives and/or projects;
  • Coordination of GDPR requirements and liaison with the company’s DPO with respect to GDPR-related matters

Specific Responsibilities

  • Develop and maintain the company’s Information Security related policies, procedures and work instructions;
  • Ensuring the continual improvement of BMIT Technologies’ ISMS, PCI DSS and GDPR programmes;
  • Assisting with the design of information security processes, policies, and procedures;
  • Performing periodic audits of key security controls, processes and audits to ensure operating effectiveness;
  • Contribute to the development of appropriate security KPIs, objectives and strategies aimed at improving BMIT Technologies’ security posture and security maturity;
  • Maintain and improve the security education, training and awareness framework;
  • Performing information security risk assessments;
  • Maintain BMIT’s Security Risk Register and liaise with other relevant parties within the organization;
  • Contributing to the ISMS Committee;
  • Providing advice on ISO27001, PCI DSS and other relevant compliance standards;
  • Participate and provide assistance during regulatory audits;
  • Assist teams in the supplier onboarding risk assessment process;
  • Establishing an overall Programme Management framework and tracking progress on corporate strategic initiatives/projects;
  • Project-manage assigned projects, developing project scopes and objectives, involving all relevant stakeholders, and ensuring technical feasibility;
  • Developing detailed project plans and creating comprehensive project documentation to track progress;
  • Ensure projects are delivered on time, within scope and budget;
  • Measure project performance using appropriate systems, tools and techniques;
  • Report and escalate issues to management as needed;
  • Establish and maintain relationships with internal departments as well as third parties/vendors

Qualifications

  • Minimum of two years working experience in an Information Security role, or similar;
  • Bachelor’s degree in Information Systems, Computer Science or a relevant area;
  • Good understanding of ISO27001 requirements;
  • Certifications in information security, IT or auditing (ISO 27001 Implementer/auditor, etc.);
  • Project Management certification such as Prince2 or Agile;
  • Clear understanding of ITIL/ITSM;
  • Knowledge of GDPR Law

Other Skills

  • Be a self-starter;
  • Excellent written and oral communication skills in English;
  • Strong work ethic, methodical and good attention to detail;
  • Ability to deliver quality work when under pressure;
  • Ability to multitask and prioritize tasks as required;
  • Strong willingness to learn;