Careers

Job: *Implementation
Title: GRC Implementation Consultant

Job Description

  • Position Overview

    We are seeking a highly skilled GRC Implementation Specialist with expertise in designing, deploying, and managing Governance, Risk, and Compliance frameworks. This role will be responsible for implementing GRC solutions, aligning them with business objectives, regulatory requirements, and industry standards, while enabling efficient risk and compliance management across the organization.

    Key Responsibilities

    • Framework Development & Implementation

      • Design, implement, and maintain GRC frameworks (e.g., ISO 27001, NIST, COBIT, COSO, SOX, HIPAA, PCI-DSS, GDPR).

      • Translate governance, risk, and compliance requirements into structured frameworks and workflows within GRC platforms (e.g., Archer, ServiceNow GRC, MetricStream, OneTrust).

      • Define policies, procedures, and controls to support regulatory compliance and risk management.

    • Risk & Compliance Management

      • Conduct risk assessments, control evaluations, and compliance gap analyses.

      • Support business units in identifying, documenting, and mitigating risks.

      • Monitor compliance with laws, regulations, and internal policies.

    • System Implementation & Optimization

      • Configure and optimize GRC platforms to streamline processes, reporting, and dashboards.

      • Partner with IT and business stakeholders to ensure effective integration with enterprise systems.

      • Ensure GRC technology supports automation, issue management, and audit tracking.

    • Governance & Reporting

      • Develop and maintain governance structures for risk and compliance oversight.

      • Provide management with key risk indicators (KRIs), compliance metrics, and dashboards.

      • Prepare reports for executive leadership, regulators, and auditors.

    • Change Management & Training

      • Drive organizational adoption of GRC practices through communication and training.

      • Support awareness programs on compliance, risk management, and corporate governance.

    Qualifications

    • Education: Bachelor’s degree in Information Security, Risk Management, Business, or a related field. Master’s degree or MBA preferred.

    • Experience:

      • 5+ years in GRC, risk management, compliance, or internal audit.

      • Proven track record of implementing GRC frameworks and tools.

      • Experience with industry regulations and compliance standards.

    • Technical Skills:

      • Hands-on experience with GRC platforms (RSA Archer, ServiceNow GRC, MetricStream, etc.).

      • Knowledge of IT risk, cybersecurity, and regulatory requirements.

      • Strong understanding of internal controls, risk assessment, and audit processes.

    • Certifications (preferred): CISA, CRISC, CGEIT, CISM, CISSP, ISO 27001 Lead Implementer/Auditor.

    Soft Skills

    • Strong analytical, problem-solving, and process improvement skills.

    • Excellent communication and stakeholder management.

    • Ability to translate technical requirements into business language.

    • Strong organizational skills with attention to detail.

Job: IT
Title: Penetration Tester

Overview

We are seeking a highly skilled and detail-oriented Penetration Tester to join our cybersecurity team. The ideal candidate will be responsible for identifying vulnerabilities in applications, networks, and systems by simulating cyberattacks. You will work closely with security engineers, developers, and IT staff to strengthen our defenses, ensure compliance, and protect sensitive data.


Key Responsibilities

  • Conduct penetration testing on web applications, APIs, mobile apps, networks, and cloud environments.

  • Perform threat modeling and vulnerability assessments to identify potential attack vectors.

  • Develop and execute custom exploits to demonstrate real-world attack scenarios.

  • Document findings in clear, actionable reports tailored for both technical and non-technical stakeholders.

  • Collaborate with development and infrastructure teams to validate fixes and remediation efforts.

  • Stay current with emerging attack techniques, exploits, and security tools.

  • Contribute to red team exercises and adversarial simulations where applicable.

  • Ensure compliance with relevant standards (e.g., OWASP, NIST, ISO 27001, PCI DSS).


Qualifications

Required:

  • Proven experience in penetration testing or red teaming.

  • Strong knowledge of common attack techniques (e.g., SQL injection, XSS, privilege escalation, lateral movement).

  • Hands-on experience with security tools (e.g., Burp Suite, Metasploit, Nmap, Wireshark, Kali Linux).

  • Solid understanding of networking, operating systems (Windows/Linux), and application security.

  • Strong problem-solving, analytical, and communication skills.

Preferred:

  • Industry certifications such as OSCP, OSWE, GPEN, CEH, or equivalent.

  • Experience with scripting and automation (Python, PowerShell, Bash, etc.).

  • Familiarity with cloud security (AWS, Azure, GCP).

  • Knowledge of social engineering techniques and phishing simulations.


Soft Skills

  • Curiosity and creativity in finding security gaps.

  • Ability to think like an attacker but act with professional ethics.

  • Strong teamwork and collaboration with cross-functional teams.

  • Ability to explain complex technical issues in simple terms.


Why Join Us?

  • Opportunity to work on challenging and impactful security projects.

  • Continuous learning environment with support for certifications and training.

  • Collaborative culture focused on innovation and growth.

  • Competitive salary, benefits, and career progression opportunities.