Security Compliance Specialist

About the job Security Compliance Specialist

Responsibilities:

  • Support the maintenance of strong governance, risk, and compliance processes for ISO 27001.
  • Continuously improve the security framework, methodology, standards, and system of internal controls.
  • Govern the NCR process and ensure corrective actions are completed.
  • Establish and monitor performance metrics, trending reports, and KPIs.
  • Create and maintain internal governing documents for compliance with ISO 27001, various auditing procedures, and internal security controls.
  • Regularly examine the organization's information security risks, analyzing threats, vulnerabilities, and impact.
  • Serve as the main point of contact for all compliance audits such as ISO27001, ISO9001, SOX, security policy, and data privacy as needed.
  • Create, manage, and document standard operating procedures and best practice guidelines.
  • Develop security awareness training content and campaigns; deliver training to employees.
  • Manage third-party, supply chain, and cloud vendor risk reduction and mitigation programs.
  • Perform security risk assessment and identify risk mitigations for new projects, programs, etc.
  • Act as the project manager for security projects to track deliverables and identify risks.
  • Responsible for daily security monitoring, detections, and investigations.
  • Support the team with other areas of security and governance as needed.

Requirements:

  • 5+ years of experience in information security risk and governance preferred.
  • Bachelor's degree in risk management, information security, or a related discipline.
  • Strong knowledge of security principles and risk management.
  • Experience with ISO27001 and NIST-800 is a must.
  • Excellent verbal and written communication skills to document, communicate findings, and interact with business customers.

Preferred Requirements:

  • CISSP or CISA security certification is a plus.