Supporting the development, implementation, and operationalization of SOC 2, ISO 27001:2022, NIST CSF, and related security procedures for client environments.
Working alongside an existing long-term consultant to transform audit requirements, security controls, documented procedures, evidence collection processes, user-awareness initiatives, and internal-audit findings into sustainable operational practices.
Collaborating closely with client leadership, security stakeholders, HR, Finance, Operations, Engineering, Technology, Business Development, Purchasing, and international business units to advance security maturity and certification readiness.
Requirements
10–16 years of professional experience in cybersecurity, information security, IT audit, GRC, risk management, infrastructure security, security engineering, or related disciplines.
Hands-on experience supporting SOC 2 Type 1 and/or Type 2 audits, including control documentation, evidence collection, auditor interaction, remediation planning, and recurring control operation.
Strong working knowledge of ISO 27001, including ISO 27001:2022 requirements, Annex A controls, internal audits, risk treatment, documented information, and management-system practices.
Experience aligning security programs with frameworks such as NIST CSF, CIS Controls, ISO 31000, ISO 22301, HIPAA, HITRUST, PCI DSS, GDPR, LGPD, or DFARS-related requirements.
Demonstrated ability to create and operationalize policies, procedures, standards, control narratives, process documentation, and evidence-management workflows.
Experience working with cross-functional business and technology stakeholders to obtain audit evidence, drive process adoption, and close control gaps.
Strong understanding of technical security domains, including Access Control, Identity and Access Management (IAM), Vulnerability Management, Incident Response, Change Management, Logging and Monitoring, Endpoint Security, Network Security, Cloud Security, and Business Continuity.
Experience working directly with senior stakeholders and control owners to improve security maturity and track measurable progress.
Practical experience using Jira, Confluence, spreadsheets, dashboards, or GRC platforms to manage audit readiness, KPIs, findings, and remediation plans.
Strong written and verbal communication skills in English.