NDA Recruitment

GRC Specialist $$$

We are looking for an Information Security / GRC Specialist to support the implementation and development of an Information Security Management System (ISMS) aligned with ISO/IEC 27001. 

This role focuses on information security governance, risk management, and compliance activities, including developing and maintaining information security policies and procedures, conducting risk assessments, supporting the implementation of security controls, and preparing the organization for internal and external audits. 

You will collaborate with technical teams, management, and process owners to ensure that security controls and processes are implemented effectively across the organization. 

 

Responsibilities:

  • Support the implementation and ongoing maintenance of the ISMS aligned with ISO/IEC 27001. 
  • Develop and maintain information security policies, procedures, and standards. 
  • Conduct information security risk assessments for business processes, assets, and projects. 
  • Support internal and external audit activities, including evidence preparation and remediation tracking. 
  • Assist in identifying and implementing security controls and risk mitigation measures. 
  • Maintain ISMS documentation, including risk registers, policies, procedures, and compliance records. 
  • Monitor compliance with internal security policies and relevant regulatory requirements. 
  • Support security awareness and training initiatives for employees. 
  • Assist with business continuity documentation and exercises (BIA, BCP, DRP) when required. 

 

Requirements:

  • 2–4 years of experience in information security, risk management, compliance, or GRC roles.
  • Practical experience working with information security policies, procedures, and documentation. 
  • Understanding of information security risk management principles. 
  • Familiarity with ISO/IEC 27001:2022 and ISMS implementation or maintenance. 
  • Experience preparing documentation for internal or external audits. 
  • Strong analytical, organizational, and documentation skills. 
  • Ability to collaborate with technical and non-technical stakeholders. 

 

Nice to Have: 

  • Experience supporting ISO 27001 certification or compliance projects. 
  • Knowledge of additional frameworks (e.g., NIST, SOC 2, GDPR, ISO 27005). 
  • Familiarity with business continuity concepts (BIA, BCP, DRP). 
  • Experience with GRC tools or compliance management platforms. 
  • ISO 27001-related certification (Lead Implementer, Lead Auditor, or Foundation). 

 

Required skills experience

ISO 27001 1 year
ISMS 1 year
Security Audit 1 year
Information Security 2 years
Cybersecurity Compliance Assessment 1 year

Required languages

English B1 - Intermediate
Ukrainian Native
analytical skills, ISO 27001, ISO 22301, ISMS, BCMS, Security Audit, information security
Published 1 May 2025 · Updated 2 March