Security Engineer
About the Role
You will design, draft, and maintain information security policies, standards, and SOPs. You will assess control effectiveness and perform risk assessments across IT processes. You will coordinate and support internal and external audits, prepare audit documentation, and track remediation plans. You will analyze compliance with relevant laws and standards and deliver security awareness training and materials.
Requirements
- Bachelor's degree in Information Security Computer Science IT Management Risk Management or related field
- 3–5 years of experience in information security with policy writing and audit experience
- Familiarity with ISO 27001 CIS Controls NIST and MAS TRM
- Ability to review IT processes design controls and write security policies and SOPs
- Experience supporting internal external audits and regulatory checks
- Ability to track and report on audit findings and improvement plans
- Strong writing and documentation skills
- Preferred certifications such as CISA CISM or ISO 27001 LA LI
- Experience with financial industry audits and cross-team process reviews
Responsibilities
- Design and maintain information security policies, standards, and SOPs
- Assess effectiveness of security controls and recommend improvements
- Conduct risk assessments for IT processes such as access control and change management
- Support departments in integrating security controls into workflows
- Coordinate internal and external audits and regulatory inspections
- Prepare audit documentation such as control narratives, flowcharts, and workpapers
- Analyze compliance with laws and industry standards and provide implementation guidance
- Plan and deliver security awareness training and promotional activities