IT and Security Compliance Specialist/Manager

2 Months ago • 7-12 Years • Cyber Security

About the job

6 skills required for this role

Add these skills to join the top 1% applicants for this job

cloud-security

incident-response

communication

risk-mitigation

risk-assessment

risk-management

Job Description

This role requires 7-12 years of experience in IT security & compliance. You'll ensure adherence to industry regulations like ISO 27001, SOC2, GDPR, HIPAA, and PCI-DSS. Strong knowledge of compliance frameworks and risk management are essential.

Must have:

IT Security & Compliance
Compliance Frameworks
Risk Management
Security Audits

Good to have:

GRC Tools
Compliance Automation
Cloud Security
Third-Party Risk

Perks:

Best in Industry
Full-Time

Job Overview:

This position is for 7-12 years' experience IT and Security Compliance Specialist ensures that the organization’s IT systems and processes adhere to regulatory, security, and compliance standards. This role involves conducting audits, risk assessment, managing security policies, ensuring adherence to industry regulations (e.g., ISO (at least 3 Information Security related), SOC2, GDPR, HIPAA, PCI-DSS), and working with various departments to maintain a secure and compliant IT environment.

1. Compliance Management:
a. Ensure compliance with applicable security standards, frameworks, and regulations (e.g., ISO 27001, NIST, SOX, GDPR, HIPAA, PCI-DSS).
b. Conduct regular internal audits of IT systems, applications, and processes to identify potential compliance issues.
c. Develop and maintain IT security policies and procedures aligned with industry best practices.
d. Assist in the preparation and submission of compliance reports to regulatory bodies as required.

2. Risk Management:
a. Identify, assess, and mitigate IT security risks.
b. Work with IT teams to implement risk mitigation strategies.
c. Monitor emerging security risks and implement appropriate controls.

3. Security Awareness and Training:
a. Develop and deliver security awareness training for employees to ensure a strong security culture.
b. Ensure that security policies and procedures are communicated and enforced across the organization.

4. Incident Response and Investigation:
a. Support incident response activities by helping investigate security incidents and breaches.
b. Conduct forensic investigations and recommend actions to prevent future incidents.

5. Vendor and Third-Party Risk Management:
a. Evaluate third-party vendors and contractors to ensure their compliance with organizational security and privacy standards.
b. Manage security agreements and ensure ongoing monitoring of third-party security practices.

6. Collaboration:
a. Collaborate with IT, Human Resource, legal, and other relevant departments to ensure compliance with contractual obligations related to IT and data security.
b. Act as a liaison between IT teams and external auditors or regulatory bodies during audits and assessments.

7. Continuous Improvement:
a. Stay updated with the latest compliance regulations, security trends, and technologies.
b. Propose improvements to the organization’s security and compliance posture.