GRC - Information Security Consultant (Junior)

Adyta is a Portuguese company, a spin-off from the University of Porto, founded in 2015, as a result of Research & Development projects in Computer Science.

Our offices are located at UPTEC – Science and Technology Park of the University of Porto, where we maintain a close relationship with the academic environment, allowing us to stay at the forefront of research and development in the areas in which we operate. Innovation is not just our ambition, but primarily our path.

At Adyta, we operate in three main areas: Secure Communications, Cybersecurity Services, and Research & Development.

In Secure Communications, we have developed two main products, Adyta.Phone and Adyta.IoT.

In Cybersecurity Services, we offer a full range of services aimed at enhancing our clients' cybersecurity capabilities. We work with both the public and private sectors.

In R&D, we seek to achieve more innovation in everything we do. Over the years, we have participated in several innovative projects. Currently, we are part of consortia that are working in the Quantum area on projects with Portuguese and European defense.

The search for new and innovative solutions is one of our main focuses.

Roles and Responsibilities

The tasks to be performed are:
Assist in developing, reviewing, and updating our client’s IT and security policies and procedures;
Support the implementation of governance frameworks such as ISO 27001, NIST, or CIS Controls;
Help document organizational compliance structures and ensure alignment with business objectives;
Assist in identifying and assessing risks related to IT systems, processes, and business operations;
Support the creation of risk registers, tracking identified risks, and their mitigation status;
Work with senior team members to evaluate the effectiveness of risk controls;
Assist in preparing for internal and external audits, including gathering evidence and maintaining audit trails;
Track compliance requirements and deadlines to ensure ongoing adherence;
Support the creation and delivery of security awareness programs;
Help organize phishing simulations and training sessions for employees.

Requirements

Educational Qualifications:
Degree, or higher, in Computer Engineering, Electrical and Computer Engineering, Telecommunications Engineering, Networks and Computer Systems Engineering, Computer Science, Information Security.

Professional Experience:

Professional Training / Specific Knowledge:
Understanding GRC frameworks, risk management methodologies, and compliance requirements;
Basics of drafting, reviewing, and implementing IT and security policies;
Familiarity with ISO 27001/27002 standards;
Skills in drafting compliance reports, risk assessments, and policies;
Willingness to learn and stay updated on emerging regulations and standards;
Ability to clearly document findings and communicate them to different stakeholders;
Effective communication skills with both technical and business teams.

Preferred Conditions:
Knowledge of basic security frameworks like NIST Cybersecurity Framework and CIS Controls;
Exposure to tools and methodologies for identifying and assessing risks;
Understanding of regulatory requirements such as GDPR, PCI DSS, HIPAA, or SOX;
Attention to detail for tracking compliance tasks and preparing documentation;
Knowledge in information security;
Excellent communication and negotiation skills;
Good command of English, both written and spoken;
Good organizational skills.

Benefits

A stable and multicultural work environment, focused on innovation and sustainability;
Career progression opportunities;
Opportunities to apply acquired technical knowledge;
Development and training plan;
Competitive salary, based on experience and qualifications;
Health insurance;
Opportunity to earn an annual performance-based award;
Other benefits from special partner programs.

Seniority Level: Entry level
Employment Type: Full-time
Job Function: Information Technology