Design and evaluate the effectiveness of security controls, assessing their ability to mitigate risks and recommending improvements to ensure they operate as intended and achieve desired security outcomes.
Proactively monitor compliance against various security frameworks and regulatory requirements (e.g., NIST, ISO 27001, SOC I & II, C5, ISO 42001).
Support internal and external audits by gathering, assessing, and providing necessary evidence to demonstrate compliance.
Manage the entire lifecycle of security evidence, from collection and secure storage to version control and eventual archival, ensuring its integrity and availability for audits and compliance checks.
Establish and maintain robust information security policies, standards, and procedures tailored to specific organizational needs and emerging threats.
Communicate effectively about information security risks, standards, and policy updates, fostering a strong security-conscious culture across the organization.
Collaborate with applicable departments to ensure security controls are effectively implemented, maintained, and continuously optimized.
Requirements
3-5 years of progressive experience in an Information Security, IT Audit, or Compliance role, demonstrating a solid understanding of information security principles and practices.
Solid understanding of security operations, controls, and best practices within cloud environments (e.g., AWS, Azure, GCP). Experience with cloud security frameworks and tools is highly desirable.
In-depth knowledge and practical experience with a range of information security standards, frameworks, and regulations (e.g., ISO/IEC 27001 family, GDPR, SOC 2 Trust principles).
Familiarity with enterprise data environments, system integrations, and software development lifecycles (SDLC).
An independent and active information security certification (e.g., CISM, CISSP, ISO 27001 Lead Implementer, CompTIA Security+) is required.
Exceptional analytical and problem-solving abilities to perform detailed gap analyses, identify root causes, and develop practical, effective security solutions.
Excellent written and verbal communication skills in English, with the ability to articulate complex security concepts clearly to both technical and non-technical audiences.
High level of initiative, self-direction, and the ability to work independently while also being a strong team player and collaborating effectively across departments.