Minimum Requirements; Work Experience, Academic and Professional Qualifications.

• Bachelor’s degree in IT, Information Systems, Computer Science, Cyber Security, or related fields.
  
• Basic knowledge of information security and risk management concepts.
  
• Familiarity with ISO 27001 and PCI DSS is an advantage.
  
• Understanding of networks, servers, operating systems, and databases.
  
• Ability to analyze logs, configurations, and security events.
  

Added Advantage Certifications.

• ISO 27001 Internal Auditor / Implementer
  
• CompTIA Security+
  
• ISC2 Certified in Cybersecurity (CC)
  
• ITIL Foundation
  
• Beginner‑level GRC or cybersecurity courses
  

Information Security & Risk Management

• Participate in identifying, assessing, and documenting IT/cyber risks.
  
• Assist in updating and maintaining the IT risk register.
  
• Track risk treatment plans and follow up with control owners.
  
• Support vulnerability tracking and assist in coordinating remediation activities.
  
• Help monitor and log security incidents and ensure timely reporting.
  

ISO 27001:2022 Implementation Support

• Assist in drafting and updating ISMS documents (policies, procedures, SOPs, risk assessments).
  
• Help conduct ISMS gap assessments and internal audits.
  
• Collect, organize, and maintain compliance evidence for ISO controls.
  
• Assist in tracking corrective and preventive actions (CAPA).
  
• Conduct periodic reviews to ensure departments maintain ISMS alignment.
  

PCI DSS Certification Support

• Assist in mapping cardholder data flows and maintaining network diagrams.
  
• Help prepare and update PCI DSS evidence (screenshots, process documents, change logs).
  
• Participate in internal readiness assessments and support Qualified Security Assessor (QSA) activities.
  
• Track remediation tasks for PCI requirements and follow up with IT teams.
  
• Monitor compliance with ongoing PCI DSS activities (log reviews, vulnerability scans, patching).
  

Governance, Risk & Compliance (GRC)

• Assist in monitoring compliance with internal IT and security policies.
  
• Support third‑party risk assessments of IT vendors and service providers.
  
• Assist in compiling periodic information security and risk reports.
  

Operational Support

• Maintain organized documentation repositories (ISMS library, SharePoint, etc.).
  
• Track deadlines, deliverables, and progress for certification projects.
  
• Assist in convening risk and security meetings, preparing minutes and follow‑up actions.
  
• Coordinate with teams across IT, operations, business units, and external auditors.