Job Description
Job Title: Info-sec Program Coordination Professional
Sector: Strategy
Division: Risk & Compliance
Section: Information security
Report To: Information Security Senior Manager
Main Job Purpose:
The primary objective of this role is to support the InfoSec department by coordinating security programs,
managing testing activities, and tracking remediation efforts. This role analyzes cyber and data risks,
evaluates security controls, and contributes to policy development while ensuring compliance with
regulatory standards. Additionally, the role collaborates with internal teams to enhance security awareness,
monitors follow-up on security findings, and helps strengthen the organization’s overall security posture.
Duties & Responsibilities:
1. Contribute to monitoring the organization’s cyber and data risk exposure and report potential risks
to senior team members.
2. Support the implementation of security governance strategies and solutions in line with policies and
best practices.
3. Help evaluate the effectiveness of security controls and document findings for further review.
4. Provide input to internal teams on applying security measures under guidance from senior staff.
5. Collaborate with HR, IT, Legal, R&C, and business units to help ensure security measures are
followed.
6. Act as a single point of contact (SPOC) for coordinating basic risk and compliance communications with
stakeholders, including GRC Champions.
7. Assist in maintaining and updating security policies, procedures, and guidelines.
8. Coordinate risk assessment requirements for review by senior colleagues.
9. Prepare and organize reports on security findings, vulnerabilities, and compliance issues for senior
management.
10. Support the delivery and tracking of internal security awareness programs.
11. Maintain documentation for risk assessments, audits, and mitigation actions.
12. Assist in coordinating internal and external security audits, ensuring documentation and compliance
requirements are met.
13. Track follow-up actions on security and compliance issues and report progress to senior staff.
14. Communicate updates and reminders to stakeholders about security policies and required actions.
15. Support R&C and InfoSec teams in day-to-day tasks to strengthen the organization’s risk culture and
awareness.
Behavioral Competencies:
1. Communication: Clearly and confidently conveys complex ideas to diverse audiences, ensuring
alignment and shared understanding across teams and stakeholders.
2. Collaboration: Builds strong cross-functional relationships, promotes teamwork, and aligns efforts
to achieve shared organizational goals.
3. Problem Solving & Decision Making: Makes informed decisions by analyzing complex issues,
evaluating risks, and applying sound judgment to resolve challenges and drive results.
4. Analytical Thinking: Breaks down complex information into manageable parts. Uses data and
evidence to understand problems, evaluate options, and support decisions.
5. Proactivity & Initiative Taking: Anticipates potential challenges or opportunities and takes action
ahead of time. Acts independently to begin tasks or projects without being prompted, showing
ownership and drive.
6. Result Orientation: Focuses on achieving goals and delivering high-quality outcomes. Maintains
accountability for performance and continuously seeks ways to improve results.
Technical Competencies:
1. Secure Controls Framework Knowledge: Understanding of the application of industry-recognized
secure controls frameworks (e.g., NIST, ISO 27001, CIS Benchmarks) and best practices for robust
security governance and compliance.
2. Legal, Regulatory, and Privacy Compliance: Knowledge of national and international cybersecurity
laws, data privacy regulations (e.g., GDPR, CCPA), and their practical implementation to ensure
organizational adherence.
3. Risk Management Methodologies: Limited expertise in quantitative and qualitative risk assessment,
analysis, and mitigation strategies for complex cyber and data risks, including experience with GRC
platforms.
4. Enterprise IT and Telecom Systems Security: Basic knowledge of security principles and controls
across diverse enterprise IT infrastructures, cloud platforms, networking protocols, and
telecommunications systems.
5. Security Controls Evaluation & Monitoring: Ability to assist in reviewing the effectiveness of security
controls.
6. Security Reporting & Documentation: Strong skills in preparing clear and structured security
reports.
Qualifications:
Education
A bachelor’s degree in computer science, information technology, security, computer
engineering, or related disciplines.
Experience
3-5 years of experience in Technology/IT, with at least 1 year in an information security
role.
Certificates
Preferred certificates such as Certified in Risk and Information Systems Control (CRISC) |
ISO 27001 certificate.
Language
Fluency in English (written & spoken)
