The Information Security Compliance Specialist will perform a comprehensive review of the organization’s applications, APIs, and supporting infrastructure to ensure compliance with information security best practices, internal policies, and regulatory frameworks such as NESA, ISO 27001, GDPR, PCI-DSS and industry standards.The specialist will assess current controls, identify security gaps, and produce a detailed audit report outlining findings, risks, and actionable recommendations to strengthen the security posture.

• Conduct end-to-end security compliance reviews for all applications, APIs, and supporting systems.
• Evaluate system configurations, access controls, data flows, encryption practices, and deployment environments.
• Review application development and change management processes for secure coding and deployment practices.
• Assess compliance with NESA, ISO 27001, NIST, GDPR, PCI-DSS and internal information security policies.
• Identify and document non-compliance areas, control weaknesses, and potential risks.
• Provide practical, prioritized recommendations for remediation and improvement.
• Collaborate with application owners, IT, and development teams to validate findings and clarify technical aspects.
• Deliver a final audit report summarizing the assessment results, risk ratings, and compliance status.
• Transform the findings into actionable items along with different stakeholders and keep a track on progress 

• Bachelor’s degree in Information Security, Computer Science, IT, or related field.

• 3–6 years of experience in information security, IT governance, or compliance.
• Knowledge of regulatory requirements (e.g., GDPR, local data protection laws, etc. depending on jurisdiction).
• Familiarity with security standards/frameworks (ISO 27001, NIST CSF, SOC 2, COBIT, etc.).
• Experience with audit processes and vendor security risk management.