Responsible for supporting Lulu Retail's information security governance, risk, and compliance (GRC) activities by identifying, assessing, monitoring, and reporting information security risks. The role assists in maintaining security policies, ensuring regulatory compliance, supporting audit activities, and promoting security awareness across the organization to strengthen the overall security posture.
Job Responsibility
Assist in the development, maintenance, review, and communication of information security policies, standards, procedures, and guidelines
Conduct information security risk assessments for systems, applications, cloud services, projects, and business processes, and track remediation of identified risks
Monitor and maintain compliance with applicable regulatory, legal, and industry requirements, including ISO 27001, NIST, PCI-DSS, GDPR, PDPL, and internal security policies
Coordinate and support internal and external audits, security assessments, and regulatory reviews, including evidence collection, stakeholder coordination, documentation, and remediation tracking
Monitor security governance, risk, and compliance activities and prepare periodic reports, dashboards, metrics, and management presentations on security posture and compliance status
Support information security awareness and training initiatives, including awareness campaigns, phishing simulations, and monitoring employee participation and effectiveness
Collaborate with IT, application, cloud, and security teams to ensure security controls are implemented, maintained, and aligned with organizational policies, regulatory obligations, and project requirements
Support third-party and vendor security risk assessments, including due diligence reviews, security evaluations, and follow-up on remediation actions
Requirements
Bachelor's degree in Information Security, Cybersecurity, Computer Science, or a related field
2 years of experience in information security governance, risk, and compliance
Experience supporting ISO 27001, PCI-DSS, NIST, IT audits, or regulatory compliance programs is preferred
Good understanding of information security principles, risk management methodologies, and security frameworks
Professional certifications such as ISO 27001 LA, CISA, Security+ are desirable
Strong communication skills with the ability to explain technical concepts to non-technical stakeholders
Strong organizational and time management skills
Ability to work independently and collaboratively within a team
Nice to have
Master's degree
Experience supporting ISO 27001, PCI-DSS, NIST, IT audits, or regulatory compliance programs
Professional certifications such as ISO 27001 LA, CISA, Security+