Azercell

Information Security GRC Expert

Salary by agreement
Full-time
Baku, Azerbaijan
22.09.2025 04:43 - 22.10.2025 12:00

About the job

  • Work experience at the country’s leading mobile operator
  • The opportunity to work in an agile, innovative, and result-oriented team within a professional corporate environment
  • Continuous career development opportunities
  • Training and personal development programs
  • Competitive salary
  • Performance-based bonus payments
  • Medical insurance (including spouse and children)
  • Corporate mobile phone and number
  • Unlimited Azeronline Internet package
  • Additional benefits and discounts
  • Develop, implement, and maintain the organization’s information security risk management framework in alignment with ISO 27005, NIST, or other relevant standards.
  • Define risk assessment methodologies, risk appetite, and risk tolerance levels in collaboration with stakeholders.
  • Lead project-specific information security and technology risk assessments.
  • Collaborate with departmental SPOCs and ERM to manage technology and security-related risks.
  • Identify, analyze, and evaluate emerging threats, vulnerabilities, and business impacts.
  • Maintain and update the risk register, ensuring accuracy and timeliness.
  • Develop and recommend risk treatment plans and mitigation strategies.
  • Track and monitor remediation activities, escalating overdue or high-risk issues.
  • Ensure risk ownership and accountability across business units.
  • Ensure risk management activities comply with applicable regulations, standards, and contractual obligations (ISO 27001, ISO 27701, GDPR, PCI DSS, etc.).

Requirements

  • Bachelor’s degree in Information Security, Computer Science, IT, Information Systems, Cybernetics or a related field.
  • 3+ years of progressive experience in information security risk management, governance, or IT risk.
  • Proven track record in conducting and leading information security risk assessments (asset-based, process-based, project-based, or enterprise-wide).
  • Experience developing and maintaining risk registers, heat maps, and risk treatment plans.
  • Hands-on involvement with regulatory and standards-based risk requirements (ISO 27001/27005, NIST, COBIT, PCI DSS, GDPR, etc.).
  • Experience in third-party/vendor risk assessments and contract security reviews.
  • Exposure to cloud and emerging technology risk management (AWS, Azure, GCP).
  • Previous experience supporting incident investigations and root cause/risk analysis.
  • Familiarity with GRC platforms (Archer, ServiceNow GRC, OneTrust, MetricStream, or similar).

Desired Skills:

  • Deep knowledge of risk management standards (ISO 27005, ISO 31000, NIST RMF, FAIR, etc.).
  • Understanding of IT and security domains (networks, cloud, identity & access management, data protection, incident response, business continuity).
  • Strong skills in developing risk metrics, KRIs, and executive dashboards.
  • Familiarity with threat intelligence and vulnerability management in the context of risk.
  • Skilled in control mapping and integration of risk with governance and compliance frameworks.
  • Certifications (preferred): CRISC, CISM, CISSP, ISO 27005 Risk Manager, ISO 27001 Lead Auditor/Implementer, or similar.
