Velsera

Information Technology and Services

Senior InfoSec GRC Specialist

Pune, Maharashtra, India | Full Time

The Brief

“Senior InfoSec GRC Specialist at Velsera. Skills: Information Security GRC, risk management, compliance, governance, ISO 27001, Cloud Security. Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework. Lead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification audits”

What You'll Achieve.

readiness for external certification audits; demonstrate compliance with relevant frameworks; track remediation efforts to closure; enhance the compliance and risk posture

Industry & Context.

Information Technology and Services

What They're Looking For.

Must Have

Minimum of 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governance; Proven, hands-on experience driving and maintaining ISO 27001 certification programs; Deep practical knowledge and experience of implementing security controls ensuring compliance in a technical, cloud-centric environment; Technical competency in Cloud Security (AWS, Azure, or GCP) and related cloud-native security services; Hands-on experience with NIST 800-53 compliance frameworks is required

Nice to Have

CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), ISO 27001 Lead Implementer/Auditor, CCSK (Certificate of Cloud Security Knowledge) or equivalent Cloud-specific security certification (e.g., AWS Certified Security, Azure Security Engineer)

What You'll Do.

Develop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framework

Lead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification audits

Serve as the subject matter expert (SME) for Security and Privacy Rules, ensuring compliance for all systems, and applications handling PII and Protected Health Information (PHI)

Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant frameworks

conduct and manage internal and supplier audits

prioritise and implement them in timebound manner

Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructure

Collaborate with Product, IT and Security teams to implement security controls into cloud / infra / environments

Review risk mitigations periodically and track remediation efforts to closure

Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standards

Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical teams

Evaluate and recommend new security technologies and processes to enhance the compliance and risk posture

Stay current on emerging cloud security threats, and updates to the ISO 27001 family of standards and HIPAA

How You'll Work.

Team & Collaboration

Collaborate with Product, Technology, IT and Security teams to implement security controls into cloud / infra / environments, ensuring compliance; Provide technical guidance to them on implementing controls and best practices, specifically related to cloud security architecture and configurations; A collaborative and proactive mindset, with the ability to influence and lead cross-functional teams without direct authority

Communication Scope

Proficiency in written and verbal communication skills with the ability to translate complex security and compliance requirements / controls into clear actionable

Process & Methodology

project management and organizational skills to handle multiple, simultaneous audit and compliance initiatives
