
Security & Compliance Analyst at pycs

pycs
Full-time
On-site
Key Roles and Responsibilities


Establish and manage the company's security processes, including policies, tools, workflows, and documentation.
Monitor all applications and systems daily to identify and respond to potential threats or unusual activity.
Monitor, manage, and update the SIEM system to detect and respond to security threats. This includes setting up alerts, reviewing logs, investigating incidents, and ensuring all key systems are sending data to the SIEM.
Maintain access control mechanisms including user provisioning, de-provisioning, and role-based access.
Handle all reported security issues: investigate, resolve, and ensure proper communication and follow-up within the SLA.
Develop clear security playbooks and procedures for incident response, access control, and reporting.
Conduct regular system and application checks to identify vulnerabilities and work with the team to resolve them.
Identify and mitigate security vulnerabilities in coordination with relevant teams.
Ensure compliance with relevant standards and regulations, including PCI DSS, ISO 27001, GDPR, CBK guidelines, and others as required.
Maintain detailed records of incidents and actions taken, and prepare periodic security reports for management.
Manage access rights across systems, ensuring proper permissions, regular reviews, and timely updates.
Support the implementation of encryption and secure communication protocols to ensure the security of data in transit.
Support client and auditor requests related to security by providing clear responses and documentation.
Train staff on basic security practices and ensure team members follow the company's security policies.
Actively support employee onboarding by leading training sessions on relevant topics and providing departmental introductions to new hires.
Stay updated on evolving security threats, tools, and regulatory changes, and ensure internal practices are updated accordingly.
Support access control management within infrastructure environments, ensuring appropriate permissions are granted and reviewed periodically.
Participate in daily stand-ups, planning meetings, and retrospectives to learn agile development rhythms.
Perform any other duties as required to support the business in response to evolving needs, changes, and growth.


Qualifications


Bachelor's or Master's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
At least 4 years of experience in information security, cybersecurity, or IT risk management.
Knowledge of firewalls, intrusion detection systems, SIEM, and antivirus software.
Experience with security frameworks (ISO 27001, NIST, CIS Controls, etc.).
Familiarity with network security, penetration testing, and incident response.
Strong understanding of cloud security (AWS, Azure, GCP).
Certifications such as CISSP, CISM, CEH, or CompTIA Security+ (preferred).
Excellent problem-solving, analytical, and communication skills.