AI Security & Compliance Specialist (ISO 42001 | ISO 27001 | NIST CSF)

2 years

0 Lacs

Posted: 2 months ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Job Statement:

NopalCyber makes cybersecurity manageable, affordable, reliable, and powerful for companies that need to be resilient and compliant. Managed extended detection and response (MXDR), attack surface management (ASM), breach and attack simulation (BAS), and advisory services fortify your cybersecurity across both offense and defense. AI-driven intelligence in our Nopal360° platform, our NopalGo mobile app, and our proprietary Cyber Intelligence Quotient (CIQ) lets anyone quantify, track, and visualize their cybersecurity posture in real time. Our service packages, which are each tailored to a client’s needs and budget, and external threat analysis, which provides critical intelligence at no cost, help to democratize cybersecurity by making enterprise-grade defenses and security operations available to organizations of all sizes. NopalCyber lowers the barrier to entry while raising the bar for security and service.

We are looking for a detail-oriented and proactive GRC professional with hands-on experience in cybersecurity, compliance, and a strong emerging interest or practical experience in AI security frameworks, adhering to evolving standards like ISO 42001, ISO 27001, and NIST CSF.

Job Responsibilities:

  • Implement and manage security controls specifically designed for AI systems throughout their lifecycle (data collection, model training, deployment, monitoring).
  • Address AI-specific security risks such as data poisoning, model inversion attacks, adversarial attacks, and prompt injection vulnerabilities.
  • Lead or support the implementation and maintenance of our ISO 42001 (Artificial Intelligence Management System), ensuring compliance with its requirements for trustworthiness, robustness, and ethical considerations in AI systems.
  • Conduct AI-specific risk assessments, identifying and mitigating risks related to AI bias, privacy, security, and societal impact.
  • Develop, review, and refine comprehensive AI security, data governance, and information security policies, standards, and procedures, ensuring alignment with ISO 42001.
  • Prepare for and support internal and external audits for ISO 42001 certification.
  • Contribute to the design, implementation, and continuous improvement of our ISO 27001 (Information Security Management System), ensuring its relevance and effectiveness.
  • Support audits, risk assessments, and gap analysis, ensuring adherence to compliance requirements.
  • Assess organizational cybersecurity posture using the NIST Cybersecurity Framework (CSF).
  • Identify and document gaps and recommend security measures aligned with NIST CSF. Prepare compliance status and risk reduction strategies.
  • Assist in drafting and updating organizational policies and procedures for governance and compliance.
  • Deliver complex projects in a fast-paced, team environment.

Job Specifications:

1. Qualification:

  • Bachelor’s degree in Engineering or closely related coursework in technology development disciplines
  • Certifications – Security+, CEH, ISO 27001 Lead Implementer/Lead Auditor, ISO 42001 Lead Implementer, CISA, relevant certification in AI Security (good to have, but not mandatory)

2. Experience:

  • Total Experience: 2 to 8 years

Knowledge and Experience:

  • Demonstrable practical experience with ISO 27001 implementation, maintenance, or audit support.
  • Strong understanding and practical application experience with the NIST Cybersecurity Framework (CSF).
  • Familiarity with or emerging experience in AI security concepts (e.g., model security, data integrity for AI, bias mitigation).
  • Awareness of or exposure to ISO 42001 principles and requirements for AI management systems is highly desirable.
  • Good understanding of information security principles and related compliance controls. Ability to articulate the relevance of the security controls.
  • Experience in delivery of Information Security risk and compliance advisory services
  • Experience in management consulting and information security audits
  • Experience around technology risk assessments
  • Ability to research and develop new risk-based security offerings
  • Comfortable working in a project-based, client-serving model

Personal Attributes

  • Self-starter and quick learner requiring minimal ramp-up
  • Excellent written, oral, and interpersonal communication skills
  • Highly self-motivated, self-directed, and attentive to detail
  • Ability to effectively prioritize and execute tasks in a high-pressure environment
