Senior Information Security Engineer – Governance Risk and Compliance
About the company
Founded in 2006, the Sri Lanka Computer Emergency Readiness Team | Coordinating Centre (Sri Lanka CERT|CC) is the nation's National CERT, with the mandate to protect the cyberspace of Sri Lanka and to implement the approved Information and Cyber Security Policy for Government Organizations.
Sri Lanka CERT|CC wishes to recruit a qualified and experienced Senior Information Security Engineer to assist in the implementation of national-level programs on information and cyber security.
Job responsibilities
- Lead the development and implementation of security policies, standards, and procedures.
- Perform complex risk assessments and vulnerability analyses.
- Manage compliance with regulatory requirements and internal security policies.
- Coordinate and oversee internal and external audits.
- Develop and deliver security awareness and training programs.
- Prepare comprehensive reports and documentation on GRC activities.
- Provide expert guidance and support to junior team members.
- Deliver a broad range of high-quality information security governance, risk and compliance (GRC) related services, such as information and cyber security policy and controls frameworks, compliance management, reporting, risk and issue management, and cyber awareness and outreach.
- Work closely with stakeholders, including government organizations and contracted service providers, to provide effective service delivery.
- Assist in leading the GRC project team to ensure overall program outcomes are achieved.
- Ensure compliance with all reporting requirements of the government of Sri Lanka and other relevant authorities.
- Conduct information technology general control reviews, including information system audits and risk assessments of complex IT operational environments.
Educational and professional qualifications
- A bachelor's degree (SLQF 5 or 6) in information security, cyber-security, computer science, information technology or any other field relevant to the post, obtained from a local or foreign university recognized by the University Grants Commission (UGC) in Sri Lanka.
- Should hold a verifiable cyber-security certification, preferably CSSLP, CEH, OSCP or any other verifiable certification relevant to the post, recognized by Sri Lanka CERT. Such certifications must be maintained in active status.
Experience
The senior information security engineer should have the following:
- Five (05) years or more of industry experience in information and cyber security or a relevant field, of which 02 years should be in a GRC or similar role at supervisory level within a reputed private sector cyber-security service provider, public corporation, statutory board, fully government owned company, or a reputed commercial establishment, after obtaining the first degree.
Other skills/abilities
- Deep understanding of GRC principles, practices, and frameworks.
- Proven experience in conducting risk assessments and managing compliance programs.
- Strong leadership, analytical, and communication skills.
- Presentation skills.
- Teamwork skills.
When applying
If you are confident that you are the ideal candidate for this position, e-mail your resume with a recent photo and two non-related referees to [email protected] on or before 15th May 2026, stating “Snr. IS Engineer – GRC”. Only shortlisted candidates will be notified.
This job description is not intended to be all-inclusive. Employees may perform other related duties as negotiated to meet the ongoing needs of Sri Lanka CERT.
