**Job Overview**:
**Key Responsibilities**:
- Design, oversee implementation, and monitor security measures for the protection of information systems, networks, and data.
- Conduct vulnerability assessments, penetration testing, and security audits.
- Investigate security breaches and lead incident response efforts.
- Develop, update, and enforce company-wide security policies and procedures.
- Collaborate with IT to enhance firewall, intrusion detection, and prevention systems (IDS/IPS).
- Oversee Implementation and maintenance of security solutions, such as antivirus, encryption, and data loss prevention systems.
- Conduct internal and external security audits to ensure compliance with industry security standards and certifications (e.g., ISO 27001, SOC 2, PCI DSS).
- Coordinate with external auditors and regulators during the audit process to demonstrate compliance with required security certifications.
- Maintain documentation and evidence for audit purposes, ensuring readiness for annual or periodic certification renewals.
- Continuously monitor for emerging security threats and vulnerabilities and update systems accordingly.
- Support risk management processes by identifying and mitigating potential security risks.
- Create and maintain security documentation, including risk assessments, disaster recovery plans, and audit reports.
- Provide training and guidance to staff on security awareness and best practices.
- Ensure compliance with industry standards and regulations, such as GDPR, HIPAA, and ISO 27001.
**Required Qualifications**:
- Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
- Minimum of 3-5 years of experience in a cybersecurity or information security role.
- In-depth knowledge of security frameworks and best practices (e.g., NIST, CIS, ISO 27001).
- Experience conducting audits or assessments for security certifications, such as ISO 27001, SOC 2, or PCI DSS.
- Experience with network security tools (firewalls, IDS/IPS, VPN, etc.).
- Strong understanding of encryption technologies, identity and access management (IAM), and security protocols.
- Knowledge of scripting languages (Python, Bash, PowerShell) for automating security tasks.
- Familiarity with compliance regulations and industry standards (e.g., GDPR, HIPAA, PCI DSS).
- Experience with incident response, threat analysis, and risk mitigation.
- Relevant certifications, such as CISSP, CISM, CEH, or CompTIA Security+.
**Preferred Skills**:
- Experience with cloud security (AWS, Azure, GCP).
- Experience with SIEM tools, threat intelligence platforms, and endpoint detection and response (EDR).
- Understanding of DevSecOps and integrating security into the development pipeline.
- Strong analytical and problem-solving skills.
**Personal Attributes**:
- Strong attention to detail and ability to work in a fast-paced environment.
- Excellent communication skills, both written and verbal.
- Ability to work independently and as part of a team.
- Proactive approach to identifying and resolving security issues.