Hiring - Analyst/Sr Analyst IT Security & Governance - Columbus Global

Position Summary

We are looking for a proactive and detail-oriented Senior/ IT Security Analyst to lead and support enterprise-wide security initiatives. This role plays a critical part in advancing our Governance, Risk, and Compliance (GRC) maturity, enhancing operational security, and fostering a strong security culture across global teams. The ideal candidate will bring deep expertise in ISO 27001, NIS2 alignment, incident response, and modern security technologies.

Required Qualifications

• Bachelors degree in Information Security, Computer Science, or a related field.
• Minimum 3-8 years of experience in IT security, with a strong background in GRC and operational security.
• Proven experience with ISO 27001, NIS2, and enterprise risk management frameworks.
• Hands-on expertise with SIEM, DLP, vulnerability management, and access control tools.
• Strong analytical, documentation, and stakeholder engagement skills.

Key Responsibilities

1. Governance, Risk, and Compliance Excellence

• Maintain ISO 27001 certification through annual internal audits and timely reporting.
• Align the Information Security Management System (ISMS) and security policies with the NIS2 Directive in collaboration with Legal.
• Conduct quarterly Risk Analysis reviews and maintain an up-to-date Enterprise Risk Register.
• Coordinate external audits, ensuring zero major non-conformities.

2. Security Operations and Incident Response

• Monitor and respond to IT Security queries.
• Conduct quarterly firewall port and application access reviews for all critical systems.
• Complete annual security reviews for key applications and maintain updated exception handling processes.

3. Policy, Awareness, and Collaboration

• Lead annual global policy reviews, ensuring alignment with regulatory requirements.
• Organize Cybersecurity Awareness Month and publish monthly Knowledge Bytes in collaboration to foster security culture.

4. Strategic Security Initiatives and Capability Building

• Support SIEM implementation with full log integration from critical assets.
• Deploy DLP and other security stack with milestone-based tracking.
• Complete RFPs and vendor security questionnaires.
• Maintain and update the Project Security Manual quarterly.

5. Data Privacy and Protection

• Ensure compliance with GDPR, NIS2, and other applicable data protection regulations across all business units.
• Conduct Data Protection Impact Assessments (DPIAs) for new projects and systems handling personal data.
• Maintain and enforce the Data Processing Agreement (DPA) framework in collaboration with Legal and Procurement teams.
• Monitor and report on data privacy metrics, including incident trends, training completion, and audit findings.

Preferred Qualifications

• Professional certifications such as ISO 27001 Lead Auditor/Implementor, CEH, Security+, SSCP or equivalent.
• Experience coordinating external audits and managing cross-regional compliance programs.