We are seeking a motivated Information Security Specialist with a strong foundation in compliance frameworks and offensive security. The ideal candidate will have hands-on experience with ISO 27001, HIPAA, SOC 2, as well as practical skills in penetration testing and security risk assessments. This role requires both a compliance mindset and an attacker’s perspective to ensure a well-rounded approach to organizational security.
Key Responsibilities:
● Governance, Risk & Compliance
○ Maintain and improve the organization’s Information Security Management System (ISMS) in alignment with ISO 27001.
○ Support compliance efforts for HIPAA and SOC 2 frameworks.
○ Conduct risk assessments, document findings, and recommend remediation strategies.
○ Assist in preparing for internal and external audits.
● Offensive Security & Technical Security Testing
○ Perform internal and external penetration testing, including web, network, and cloud environments.
○ Conduct vulnerability assessments and report exploitable weaknesses.
○ Simulate real-world attack scenarios to test security controls and incident response readiness.
● Security Awareness & Incident Support
○ Work with cross-functional teams to improve security posture.
○ Contribute to security awareness training programs.
○ Assist in security incident investigations and root cause analysis.
Requirements
Required Qualifications
● Education: Bachelor’s degree in Information Security, Computer Science, or related field (or equivalent experience).
● Certifications:
○ Mandatory: ISO 27001 Lead Implementer (LI)
○ Offensive Security Certifications: CPPT, CWPTX or similar
● Experience:
○ 2–3 years in information security roles covering both compliance and offensive security.
○ Hands-on involvement in ISO 27001 implementation/maintenance, HIPAA, and SOC 2 compliance projects.
○ Experience performing penetration tests and vulnerability assessments.
Desired Skills:
● Knowledge of security standards such as NIST, CIS Controls, and GDPR.
● Strong report writing and communication skills for both technical and non-technical audiences.
● Understanding of incident response processes.