IT Associate - Cybersecurity & Compliance

Role Summary: The IT Associate - Cybersecurity & Compliance is a hands-on GRC professional responsible for supporting and executing the organization's security and compliance programs. This role focuses on ensuring adherence to regulatory standards, maintaining risk documentation, managing security metrics, and actively supporting audit readiness, incident response, and continuous compliance efforts.

Key responsibilities for the role: Manage and track cybersecurity and compliance metrics (KPIs) Support and execute internal and external security audits and compliance checks. Ensure adherence to regulatory standards, particularly GDPR and ISO 27001. Conduct and support Security and Privacy Impact Assessments (SPIA) for new systems. Maintain and update key governance documentation, including the ROPA. Lead and coordinate technical activities during security incident response. Track and facilitate the remediation of audit findings and control gaps. Assist in the review and implementation of security policies and standards. Support the delivery of mandatory cybersecurity awareness training.

Required Skills & Experience: Minimum 2-4 years of experience in an Information Security, IT Audit, or Governance, Risk, and Compliance (GRC) role. Working knowledge of major security frameworks, including ISO 27001. Solid understanding of data protection regulations, particularly the core principles and requirements of GDPR. Proven ability to create, maintain, and manage formal documentation such as risk registers, policies, and procedural guides (e.g., ROPA). Strong analytical, organizational, and critical thinking skills with acute attention to detail. Excellent verbal and written communication skills for articulating complex compliance issues to technical and non-technical audiences.

Preferred Qualifications: Bachelor’s degree in Information Technology, Computer Science, or a related field. Industry-recognized certifications, such as CompTIA Security+, CISA (Certified Information Systems Auditor), or CISM (Certified Information Security Manager) will be preferred. Familiarity with vulnerability management, security monitoring tools and cloud security concepts. Direct experience preparing for or participating in external audits for compliance standards.