Advisory-L2/L3

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360 platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real-time. Our service packages are tailored to client needs and budgets, with external threat analysis provided at no costdemocratizing access to enterprise-grade cybersecurity for all.

high-energy, results-oriented GRC professional with 6 to 10 years of experience

Key Responsibilities:

• Serve as a

  subject matter expert

  on information and cybersecurity governance, risk, and compliance (GRC) services and solutions.
• Execute security assessments of on-premise/cloud IT environments aligned with business objectives and regulatory requirements.
• Conduct testing and validation of IT security controls, documenting findings and preparing detailed reports.
• Manage and perform

  internal audits

  as per the

  CISO’s directives

  , contributing to risk posture improvements and present the metrics to the CISO on a regular basis.
• Apply knowledge of the

  Digital Personal Data Protection Act, 2023

  , and other global data protection laws.
• Utilize and manage GRC tools and platforms.
• Conduct security control assessments for web/mobile applications and enterprise systems.
• Drive third-party risk management and support client-facing initiatives.
• Deliver complex GRC projects in dynamic, fast-paced environments.
• Engage in knowledge-sharing forums to strengthen team capabilities.
• Continuously enhance the cybersecurity strategy based on evolving threats and technologies.

Job Requirements:

1. Qualifications:

• Bachelor’s degree in Engineering or a related technology discipline.

• Mandatory Certification

  :
• Must possess

  CISA

  or

  ISO 27001 Lead Auditor

  certification.
• Additional certifications preferred:
• ISO 27001 Lead Implementer
• CISSP, CIPP, CCSK, or CCSP
• Public Cloud certifications (AWS, Azure, GCP)

2. Experience:

• 6 to 10 years

  of total experience with proven exposure to both

  IT and GRC functions

  .
• Experience in internal audits, consulting, and cybersecurity risk advisory.

3. Desired Skills:

• Deep understanding of information security principles and compliance frameworks.
• Strong understanding of the IT topology and application development principles
• Hands-on experience with security tools (e.g., vulnerability scanners, code review platforms).
• Strong exposure to IT/cybersecurity standards: ISO 27001/27005, NIST CSF, PCI DSS, SOC 1/2, GDPR, COBIT.
• Excellent communication skills, documentation abilities, and stakeholder engagement.
• Experience in program and project management within cybersecurity initiatives.

4. Personal Attributes:

• Self-starter with strong problem-solving skills.
• Highly motivated and able to work with minimal supervision.
• Strong prioritization and multitasking abilities under pressure.