Overview
Information Security Analyst
Key Responsibilities:
· Implement and maintain ISO 27001:2022 controls and ensure compliance with ISMS requirements.
· Ensure compliance with HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) requirements for data privacy and protection.
· Monitor and analyze security alerts from various tools, including SIEM solutions.
· Conduct risk assessments and gap analysis aligned with ISO 27001:2022 Annex A controls, HIPAA Security Rule, and GDPR requirements.
· Assist in the development and continuous improvement of the Information Security Management System (ISMS).
· Support internal and external ISO 27001:2022 audits, HIPAA compliance audits, and GDPR data protection assessments, including evidence collection and corrective action implementation.
· Conduct vulnerability assessments and penetration testing to identify security risks.
· Investigate security incidents and support incident response efforts in accordance with ISO 27001:2022 Incident Management, HIPAA Breach Notification Rule, and GDPR Data Breach Notification requirements.
· Implement and maintain security policies, procedures, and controls aligned with ISO 27001:2022, HIPAA, and GDPR.
· Provide security awareness training to employees on ISMS policies, HIPAA security/privacy regulations, and GDPR compliance requirements.
· Collaborate with IT and development teams to ensure secure coding practices, system configurations, and data protection controls.
· Stay updated with the latest security threats, vulnerabilities, and mitigation strategies relevant to ISO 27001:2022, HIPAA, and GDPR compliance.
Required Qualifications & Skills:
· Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
· 5+ years of experience in information security or a related role, with hands-on experience in ISO 27001:2022 implementation, HIPAA compliance, and GDPR data protection.
· Strong understanding of ISO 27001:2022 framework, HIPAA Security and Privacy Rules, and GDPR principles.
· Experience with security tools such as firewalls, SIEM, IDS/IPS, and endpoint protection.
· Knowledge of ISO 27002:2022 controls, OWASP Top 10, secure coding practices, and cloud security principles.
· Hands-on experience with vulnerability management, risk assessment methodologies, and HIPAA risk analysis.
· Certifications such as ISO 27001 Lead Implementer, ISO 27001 Lead Auditor.
· Strong analytical, problem-solving, and communication skills.
Preferred Qualifications:
· Experience in securing cloud environments (AWS).
· Understanding of network security architecture and encryption technologies.
· Experience working with Electronic Health Records (EHR) systems or healthcare experience.
Job Types: Full-time, Permanent
Benefits:
- Health insurance
- Provident Fund
Schedule:
- Day shift
- Monday to Friday
Work Location: In person
Application Deadline: 25/03/2025
Expected Start Date: 01/04/2025