Security Compliance Analyst

Comply Enterprises, Inc.

IT, Legal

York, UK

Posted on May 1, 2026
Who Are We:
Comply is the leading provider of compliance SaaS and consulting services for the global financial services sector. With more than 5,000 clients and hundreds of employees across the globe, Comply empowers Chief Compliance Officers and their teams to proactively manage regulatory obligations, mitigate risk, and scale with efficiency and confidence.
Comply serves thousands of global financial services clients including broker-dealers, insurers, investment banks, private funds, RIAs, and wealth managers who rely on Comply offerings to power their compliance programs.
To learn more about Comply, visit comply.com

The Role:

Primary responsibilities of this role include responding to due diligence questionnaires, conducting policy reviews, and ensuring adherence to ISO 27001 and SOC2 security compliance controls.


Responsibilities

  • Excellent communication skills in the English language.
  • Act as the primary responder to due diligence questionnaires from clients, partners, and regulatory bodies.
  • Conduct thorough reviews of existing security policies and procedures. Ensure alignment with ISO 27001 and SOC2 security controls.
  • Assist in the development and implementation of new security policies, procedures, and supporting artifacts.
  • Monitor and report on compliance status and progress; engage cross-organizationally to collect supporting artifacts and implement new controls.
  • Collaborate with internal teams to address compliance-related issues and gaps.
  • Conduct internal and external audits related to security compliance, access reviews, firewall audits, and other required processes.
  • Experience using security tools such as EDR and SIEM to automate compliance activities.
  • Stay updated on the latest compliance requirements and industry best practices.
  • Provide training and support to staff on compliance-related matters via security newsletters, yearly security awareness training, and phishing exercises.

Skills and Qualifications

  • Bachelor's degree in Information Security, Computer Science, or related field.
  • 3-5 years of experience in a security compliance, GRC, or related information security role.
  • Strong understanding of ISO 27001 and SOC2 compliance frameworks, as well as NIST-defined standards.
  • Excellent written and verbal communication skills, via email and on calls.
  • Detail-oriented with strong analytical and problem-solving abilities.
  • Ability to work independently and as part of a team.
  • Experience using Jira, Confluence, and SharePoint for collaboration.
  • At least one relevant certification (e.g., CISA, CASP+, CISM, ISO 27001 Lead Auditor).
To learn more about our values, mission and the wide range of perks offered to employees at Comply, visit https://www.comply.com/careers/.
Comply is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment.
Applicants must be authorized to work for any employer in the United Kingdom. We are currently unable to sponsor or take over sponsorship of an employment visa.
Comply is aware of scammers posing as Comply employees and extending job offers via direct messaging, texts and social media platforms. These are fraudulent and should be treated as such. To learn more about this, please review our Statement of Fraudulent Job Offers.