Responsibilities:
- Conduct regular security audits of IT systems, networks, and applications to identify potential risks, vulnerabilities, and areas of non-compliance.
- Evaluate the effectiveness of security controls, including firewalls, encryption protocols, access management, and intrusion detection systems.
- Review and assess security policies and procedures to ensure they are up to date and aligned with industry standards (e.g., ISO/IEC 27001, NIST, GDPR, PCI DSS).
- Assess and review access controls and user permissions to ensure appropriate levels of access are granted and unauthorized access is prevented.
- Collaborate with teams to ensure the implementation of necessary security measures to mitigate identified risks.
- Provide actionable recommendations to management for improving security posture and reducing risks.
- Prepare and present audit reports, highlighting security issues, risks, and recommendations to senior management and relevant stakeholders.
- Stay current with evolving cybersecurity threats, trends, and regulatory requirements to continuously improve security practices.
- Conduct security awareness training sessions for employees and assist in fostering a culture of security awareness.
Requirements:
Competencies (Soft Skills)
- Strong communication skills
- Analytical and critical thinking abilities
- Attention to detail and accuracy
- Teamwork and collaboration mindset
- Proactive learning and adaptability
- Effective time management
- Problem-solving capabilities
- Positive attitude and professional work ethic
Qualifications & Experience
- Bachelor’s or Master’s degree in Computer Science, Cybersecurity, Information Technology, or a related field
- Minimum 2 years of proven experience in a related role or similar position
Technical Expertise
- Strong understanding of information security principles and best practices, including risk management, security protocols, and regulatory requirements
- Experience working with security frameworks and standards such as ISO/IEC 27001, NIST, PCI DSS, and GDPR
- Familiarity with network security, firewalls, encryption techniques, and intrusion detection systems
- Ability to analyze and resolve security-related issues while ensuring compliance with industry standards
- Strong problem-solving skills and the ability to communicate complex security concepts in simple terms to non-technical stakeholders
- Ability to work both independently and as part of a collaborative team
Certifications (Preferred but not mandatory)
- Certification in information security auditing (e.g., CISA, CISM) or equivalent
Language Requirements
- Azerbaijani – Required
- English – Required
If you are interested in this position, you are welcome to contact us at [email protected]