Security Analyst - CISA/CISM

Kansoft


Date: 5 hours ago
City: Udaipur, Rajasthan
Contract type: Full time
Kansoft is looking for a Security Analyst who will play a vital role in strengthening our information security framework, supporting audit readiness, and ensuring alignment with global security standards. The ideal candidate will have a strong understanding of security controls, risk management practices, and internal audit processes.

Key Responsibilities

  • Implement and monitor information security controls across the organization.
  • Support the development and maintenance of the Information Security Management System (ISMS).
  • Conduct internal audits and assist during external assessments.
  • Identify and report on security gaps, risks, and opportunities for improvement.
  • Assist in creating and maintaining security documentation, including policies, procedures, and risk registers.
  • Collaborate with cross-functional teams to ensure security practices are integrated into business processes.
  • Conduct security awareness training and promote a culture of security.
  • Track and manage non-conformities and corrective action plans.
  • Support incident response planning and post-incident analysis.
  • Keep up with evolving security standards and frameworks.

Required Skills & Qualifications

  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • 25 years of experience in a security or risk management role.
  • Familiarity with information security standards, frameworks, and control implementation.
  • Strong understanding of audit processes and risk assessment methodologies.
  • Experience writing and managing security policies and procedures.
  • Excellent communication and documentation skills.
  • Strong analytical and problem-solving abilities.

Preferred Qualifications

  • Certifications such as Security+, CISA, CISM, or Lead Auditor/Implementer (any standard).
  • Experience working with ISMS platforms or GRC tools.
  • Understanding of data protection regulations and security compliance requirements.
  • Experience with ISO 27001, SOC 2, GDPR, PCI-DSS, and other regulatory standards is preferred.

(ref:hirist.tech)