Match Profiler is an Information Systems consultancy that has been working in the national and international market since 1999. We have multidisciplinary skills and IT know-how that allow us to contribute, optimize and progress with our clients. We are currently recruiting professionals with the following profile, to join our internal team or a client team:
IT Security Specialist GRC - Hybrid (Porto - 2 days/week)
Hard skills
* Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related
* 3+ years of experience in Information Security GRC
* Strong knowledge of security frameworks (e.g., ISO 27001, ISO 27005, NIST, IEC 62443)
* Familiarity with regulatory requirements such as GDPR, NIS2, etc.
* Experience with risk management tools, compliance platforms, and security monitoring solutions
* Experience conducting security audits and risk assessments
* Understanding of IT security principles, cloud security, and network security
* Availability to travel, mainly in Europe
* Fluent in English
Responsibilities
* Assist the ISO in implementing the information and cyber security strategy and program
* Support the development and implementation of a risk management methodology aligned with the company's strategy and policies
* Ensure alignment between information and cyber security risk management and the company risk management framework
* Provide guidance and support on information and cyber security risk management activities
* Assess the effectiveness of security controls in IT and OT environments
* Monitor information and cyber security risks by evaluating control implementation, asset vulnerabilities, threat landscapes, and security incidents
* Report risk trends to Risk Owners and other relevant committees
* Develop and maintain security documentation, including standards, processes, procedures, guidelines, contractual clauses, and control catalogs
* Design and maintain a unified IT and OT security architecture aligned with the overall security strategy
* Establish a security architecture repository: principles, terminology, security services, control frameworks, and reference models
* Support first-line teams in identifying and addressing cyber security risks and requirements in new products, projects, processes, and services
* Develop and implement security education, training, and awareness programs to foster security-conscious behaviors across IT and OT environments
* Provide evidence of risk oversight and control implementation for internal and external audits
* Communicate the status and progress of the security program to key stakeholders
* Monitor compliance with security architecture and standards
* Collect and analyze key performance and effectiveness metrics to support decision-making and inform the ISO
Soft skills
* Good communication
* Team spirit
* Proactivity
* Time management
What we can offer
* Personalized support from your team
* Your manager will take into consideration your motivations and suggestions
* Victories will be celebrated together
* Your HR and Support Teams will always be available to help
* Constant feedback on your work
* A network of hundreds of partnerships with companies from numerous sectors that offer you exclusive discounts (health, well-being, travel, gastronomy, culture, leisure, training, etc.)
* And, of course, many gatherings and social events