Job Title


Team Lead - GRC


Company : NopalCyber


Location : Hyderabad, Telangana


Created : 2025-03-30


Job Type : Full Time


Job Description

Job Statement: NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

We are looking for a proven, high-energy, results-oriented GRC professional to be a key advisor for our clients, analyzing business requirements to design and implement ideal security solutions for their needs. As an established GRC professional, you will work across operational, tactical, and strategic levels and take on tasks that tackle the difficult problems businesses face when building out and improving their security and compliance posture.

Job responsibilities:

Subject matter expert on information and cyber security governance, risk and compliance – services and solutions
Plans and executes information technology security assessments of on-premise/cloud IT assets by understanding organization objectives, structure, policies, processes, internal controls, and external regulations; identifies risk areas; prepares scope and objectives; prepares internal controls review programs
Tests all IT security controls; creates assessment work programs, current state posture assessment model, and customized reports
Completes assessment work papers and memoranda by documenting assessment tests and findings
Understanding of Digital Personal Data Protection Act, 2023
Familiarity working with and/or managing Governance, Risk, and Compliance (GRC) tools
Hands-on security controls testing experience for web applications, mobile applications, and corporate systems
Good understanding of Security Risk Management tools and processes
Third party risk management (TPRM) exposure
Support in sales pursuits and proposals and assist in building practice eminence
Deliver complex projects in a fast-paced, team environment
Promote and participate in forums for sharing expertise, strengthening firm’s collective knowledge, and helping resolve our clients’ challenges
Provide leadership to the enterprise's information security organization
Constantly update the cyber security strategy to leverage new technology and threat information
Establish strong client relationships to help progress the Services portfolio

Job specifications:

1. Qualification:

Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
Certifications – ISO 27001 Lead Implementer/Lead Auditor
One or more security certifications: Certified Information Systems Security Professional (CISSP)/Certified Information Systems Auditor (CISA)/Certified Information Privacy Professional (CIPP) etc.
One or more cloud security certifications: Certification in Public Cloud Technology from one of the major Cloud Service Providers (e.g. AWS Certified Solutions Architect, Microsoft Azure Architect, Google Cloud Architect), or Certified Cloud Security Professional (CCSP)/Certificate of Cloud Security Knowledge (CCSK) etc.

2. Experience:

Total Experience – 5+ years

3. Desired Skills:

Knowledge and Experience:

Good understanding of information security principles, how compliance controls relate to those principles, and how to articulate the relevance of controls to stakeholders
Expertise in delivery of IT risk and compliance advisory services
Experience in management consulting and IT security audits
Excellent capabilities around technology risk assessments
Knowledge of IT and cyber security regulations
Knowledge and working experience of IT risk management based on ISO 31000/ISO 27005, NIST Cyber Security Framework, ISO 27001/27002, GDPR, PCI DSS, SOC 1/SOC 2, COBIT
Expertise in GRC project & program management
Knowledge of security tools and processes, including vulnerability scanning, code review, application scanning, container security, software composition analysis, security testing and other security automation tools
Expertise in cloud security implementations
Proficient in preparation of reports, dashboards and documentation
Experience in effective vendor/partner management
Experience in client management
Ability to research and develop new security risk-based offerings
Comfortable working in a project-based / client-serving model
Ability to lead and shape client expectations

Personal Attributes:

Self-starter and quick learner requiring minimal ramp-up
Excellent written, oral, and interpersonal communication skills
Highly self-motivated, self-directed, and attentive to detail
Ability to effectively prioritize and execute tasks in a high-pressure environment