The current Job Description (JD) has been prepared based on employment contract with Junior/Mid GRC Specialist and in accordance with the Labor code of the Republic of Azerbaijan and other legal regulation governing labor relations.

Key Goal

• To actively contribute to the organization’s Governance, Risk, and Compliance (GRC) function by performing risk assessments, compliance monitoring, and audit preparation. The role balances learning with independent execution, focusing on improving the ISMS, aligning with standards (ISO 27001, NIST, PCI DSS), and supporting regulatory compliance while progressively taking ownership of key tasks.

Responsibilities (Managerial & Operational)
Managerial Responsibilities:

• Support the planning and execution of compliance projects and audits.
• Take ownership of specific audit workstreams (e.g., evidence gathering, control testing, reporting drafts).
• Participate in risk management and compliance meetings with management, occasionally presenting findings.
• Provide input into awareness programs and security culture initiatives.

Operational Responsibilities:

• Perform risk assessments and gap analyses on defined scope areas.
• Draft and maintain risk registers, treatment plans, and compliance dashboards.
• Prepare and review ISMS documentation, policies, and procedures with minimal supervision.
• Conduct internal control testing and assist in regulatory/compliance readiness activities.
• Monitor regulatory changes and translate them into compliance updates for the organization.
• Contribute to incident documentation, corrective actions, and continuous improvement.
• Support in developing management reports and presentations on risk and compliance status.

Competencies (Soft Skills)

• Strong analytical and problem-solving mindset.
• High attention to detail with structured reporting skills.
• Ability to manage tasks independently while collaborating with the team.
• Strong communication and stakeholder engagement skills.
• Proactive, adaptable, and willing to continuously learn.
• Professional integrity and confidentiality in handling sensitive information.

General requirements /Employees should know

• Current labor legislation of the Azerbaijan Republic.
• Methodological and normative materials related to company management system. 
• Requirements for business risk assessment documents.
• Internal company procedures, instructions related to Information Security Auditor and Consultant
• Orders and instructions of the CEO of B and B Security Alliance Limited LLC.
• Requirements of this job description.
• Rules and norms of labor protection.
• Fire safety rules.
• Internal labor regulations.
• ISO 9001:2015 International Standard for Quality Management Systems knowledge is preferable.
• ISO 27001:2022 International Standard for Information Security Management System knowledge is preferable.

Personnel specifications

Education:

• Bachelor’s degree in information security, Computer Science, IT, or a related field.
• ISO/IEC 27001 Foundation certification (at minimum, or to be obtained within the first year of employment).
• Additional training or certification in risk management, auditing, or compliance preferred.

Experience:

• 2–4 years of experience in Information Security, IT, Audit, or GRC functions.
• Hands-on exposure to risk assessments, audits, or compliance projects.
• Experience with ISO 27001 implementation/maintenance or similar frameworks strongly preferred.
• Track record of preparing reports, compliance evidence, or ISMS documentation.

Skills:

• Solid understanding of information security frameworks (ISO 27001, NIST CSF, PCI DSS).
• Knowledge of risk assessment methodology and ISMS development.
• Ability to draft policies, procedures, and audit documentation independently.
• Good presentation and reporting skills, including executive-level summaries.
• Research and interpretation of regulatory requirements into practical compliance tasks.

Languages:

• Azerbaijani – Native or fluent; required for audit interviews, documentation, and local standards.
• English – pre-intermediate minimum for understanding global frameworks and client documentation. Intermediate or Upper-Intermediate preferred for communicating findings, writing reports, and conducting international audits.
• Employee Rights and Liabilities

Rights:

• Has the right to request assistance from management in the performance of his / her duties.
• Rights specified in the Labor Code and related legislation.

Liabilities:

• Responsible for compliance with official duties.
• Violations of duties described in this job description incur liability in the cases stipulated by the labor legislation of the Azerbaijan Republic.
• Violations of the requirements of laws and regulations while carrying out work activities incur liability in the cases stipulated by the administrative, criminal and civil legislation of the Republic of Azerbaijan.
• Responsible for the maintenance, safety and proper operation of the company's entrusted equipment and responsible for taking all necessary measures to prevent damage to the company's other property.
• Financial losses occurred due to violations of job contracts and /or laws applicable to work incur liability in the cases stipulated by the labor, criminal and civil legislation of the Azerbaijan Republic.
• Responsible for protection of the interests of B and B Security Alliance Limited LLC
• The Employee is personally and unconditionally responsible for the signed documents.

Salary: upon the interview

Interested candidates can send their CV to the e-mail address in the Apply for job button.