GRC (Governance, Risk, and Compliance) Lead Specialist in Information Security Department

Education in Information Security, Cybersecurity, Computer Science, or a related field at the bachelor’s or master’s level; Fundamental IT knowledge is required; Understanding of information security principles and international practices; Familiarity with security frameworks and standards such as ISO 27001, NIST, and PCI-DSS is desirable. At least 3 years of work experience in the field of information security; Audit experience in functional IT departments; Technical experience in compliance checks in the field of information security; Ability to write scripts for automating compliance processes; Knowledge or experience in developing Threat Modeling processes; Initial knowledge or experience in incident management is desirable. Experience or knowledge related to the implementation of systems that ensure the security of IT infrastructure (DLP, PAM, MDM, MAM, Mail Security, System/Network Security, etc.) is desirable. Experience or knowledge in the application and configuration of application-level security firewalls (Cloud WAF is preferred) is desirable. High level of communication skills in Azerbaijani; High level of communication skills in English or Russian; Initial knowledge or experience in conducting informative simulations or training on information security for human resources; Strong analytical thinking and problem-solving skills; Ability to work independently and as part of a team.