5

applicants

Systems Engineer - Governance & Compliance

ITX360 (Pvt) Ltd external url   pin Colombo - Full-time

ITX360 (Pvt) Ltd, a subsidiary of Expolanka Holdings, is dedicated to delivering end -to - end enterprise technology solutions to both local and global markets Our core expertise spans automation, cloud services ERP systems, network and infrastructure, software development, information security and BPO services in HR, Finance, and Procurement We are currently expanding our giabal footprint across all sectors and are on the lookout for dynamic individuals to join our team.

Requirements

  • Bachelor's degree in information security, Computer Science, Information Technology, or related discipline (A diploma with relevant experience may also be considered)
  • 2-3 years of experience in information security, risk, or compliance functions
  • Basic understanding of information security frameworks such as I50 27001, NIST, or CIS Controls
  • Familiarity with Governance, Risk, and Compliance (ORC) principles and tools Awareness of data protection regulations (eg. GDPR, local data privacy laws)
  • Understanding of risk management processes and audit principles
  • Knowledge of IT infrastructure, cybersecurity, and business continuity concepts
  • Certification in ISO 27001:2013/2022 (internal Auditor or Lead Implementer) is an added advantage
  • CompTIA Security*, CISA, or other relevant cybersecurity/governance certifications are an added advantage
  • Strong analytical and documentation skills
  • Excelient, communication and presentation abilíties
  • Detail-oriented, with a proactive and organized approach
  • Ability to work collaboratively in cross-functional teams

Job Role

  • Implementing an Information Security Management System (ISMS) aligned to ISO 27001
  • Developing a risk register to track and monitor organizational risks
  • Periodic Compliance Audits (internal + external)
  • Policy and SOP (Standard Operating Procedure) Framework updates
  • Employee Awareness and Training Programs on cybersecurity and data privacy
  • Vendor Risk Management program to assess third-party compliance
  • Business Continuity and Disaster Recovery Plan testing
  • Automation of incident and Risk Reporting via CRC tools
  • Data Protection Impact Assessments (DIA) for privacy compliance
  • Board-level Governance Dashboards for compliance status tracking

Systems Engineer - Governance & Compliance - ITPro.lk
Share Share Report Report Go Back to Category Information Technology time Posted on 09 Oct 2025 Viewed Viewed 73 times