Information Security Governance Analyst

SSC · Posted 2026-03-19

Job Purpose:

Support the implementation, monitoring, and continuous improvement of the information security governance, risk management, and compliance program. This role contributes directly to maintaining ISO 27001:2022 certification, supporting surveillance and external audits, driving KPI/KRI reporting, and enabling the maturity and scalability of GRC processes.

Job Responsibilities:

▪ Support the development, implementation, and enhancement of the Information Security Management System (ISMS) in line with ISO 27001:2022.
▪ Assist in maintaining GRC policies, procedures, and standards aligned with regulatory and business requirements
▪ Gather and report on security-related KPIs and KRIs to monitor control effectiveness and program health
▪ Participate in risk assessments, maintain the risk register, and support mitigation tracking
▪ Contribute to internal and external audit readiness, including ISO surveillance visits
▪ Collaborate with internal stakeholders to promote security awareness and compliance culture
▪ Support the implementation and use of GRC platforms (e.g., ServiceNow GRC, Archer, OneTrust)
▪ Engage with ongoing projects to support secure development practices, compliance checks, and risk registers
▪ Prepare documentation and participate in quarterly ISMS and GRC reporting cycles
▪ Operates under the direction of the GRC Manager with a focus on execution and coordination, not strategic program ownership

Job Skills and Abilities:

- Basic understanding of ISO 27001 and risk frameworks
- Awareness of data protection laws
- Familiarity with risk management processes
- Clear communication and cross-functional collaboration
- Analytical and documentation skills
- Process-focused, detail-oriented mindset
- Ability to coordinate across departments on compliance topics
- Ability to manage multiple assignments under supervision
- Ability to collect and maintain reliable compliance data
