Lead Specialist of the GRC (Governance, Risk, and Compliance) Department for Information Security

Bachelor’s or master’s degree in Information Security, Cybersecurity, Computer Science, or a related field; Fundamental IT knowledge is essential; Understanding of information security principles and international practices; Familiarity with security frameworks and standards such as ISO 27001, NIST, and PCI-DSS is desirable. At least 3 years of work experience in the field of information security; Experience in auditing functional IT departments; Technical experience in compliance checks in information security; Ability to write scripts for automating compliance processes; Knowledge or experience in developing Threat Modeling processes; Basic knowledge or experience in incident management is desirable. Experience or knowledge related to the implementation of systems that ensure the security of IT infrastructure (DLP, PAM, MDM, MAM, Mail Security, System/Network Security, etc.) is desirable. Experience or knowledge in the implementation and configuration of application-level security firewalls (Cloud WAF is preferred) is desirable. High-level communication skills in Azerbaijani; High-level communication skills in English or Russian; Basic knowledge or experience in conducting awareness-raising simulations or training in information security for human resources; Strong analytical thinking and problem-solving skills; Ability to work independently and as part of a team.