Design, implement, and continuously monitor comprehensive information security compliance programs that align with relevant industry standards and regulatory requirements, including but not limited to ISO 27001, GDPR, SOC 2, NIST, PCI DSS, and HIPAA.
Ensure that all information security policies and controls are regularly reviewed, updated, and maintained to reflect changes in regulations, best practices, and the organization's risk landscape.
Conduct thorough and systematic risk assessments to identify potential information security vulnerabilities, emerging threats, and areas of non-compliance across the organization's IT infrastructure and processes.
Develop, recommend, and oversee the implementation of effective risk mitigation strategies, security controls, and corrective actions to minimize identified risks and ensure ongoing adherence to compliance requirements.
Coordinate, facilitate, and lead both internal and external security audits, ensuring meticulous preparation for audits, adherence to established audit schedules, and effective communication with auditors.
Prepare detailed and comprehensive audit reports that accurately document audit findings, identified risks, and proposed or implemented remediation actions for review by senior leadership and relevant stakeholders.
Track and ensure the timely resolution of audit findings and the implementation of agreed-upon corrective actions.
Create, implement, enforce, and regularly update information security policies, standards, procedures, and guidelines that effectively address applicable regulatory requirements and industry best practices.
Conduct periodic assessments of the effectiveness of existing security policies and procedures, and proactively update them as necessary to enhance the organization's overall security and compliance posture.
Develop, implement, and execute engaging and effective ongoing employee training programs focused on security awareness, specific compliance obligations relevant to their roles, and adherence to security best practices.
Foster a strong security-first culture within the organization by proactively educating staff on regulatory requirements, potential risk factors, and their individual responsibilities in maintaining information security.
Responsibilities:
Incident Management and Response: Collaborate closely with the incident response team to ensure that all security incidents are appropriately managed, thoroughly reported, and accurately documented in compliance with applicable legal and regulatory requirements. Contribute to post-incident analysis to identify underlying compliance gaps and recommend proactive measures for improvement.
Vendor and Third-Party Compliance: Oversee and manage the information security compliance of all third-party vendors and service providers, ensuring they meet the organization's established security requirements as outlined in contractual agreements. Conduct regular assessments to verify vendors' adherence to data protection and security policies.
Stakeholder Engagement and Communication: Serve as the primary point of contact and subject matter expert for all information security compliance-related inquiries, concerns, and initiatives. Collaborate effectively with cross-functional teams, including Legal, IT, and Human Resources, to ensure that compliance requirements are consistently met and to promote a cohesive and integrated approach to security and risk management across the organization.
Continuous Monitoring and Improvement: Maintain a thorough and up-to-date understanding of new and evolving regulatory requirements, emerging cybersecurity threats, and industry best practices, ensuring that the organization's compliance strategies are proactive, adaptive, and effective. Implement continuous improvement initiatives within the compliance program to consistently enhance the organization's security and compliance.
Skills:
Deep and comprehensive understanding of established information security frameworks, standards, and relevant regulations, including but not limited to ISO 27001, SOC 2, PCI DSS, NIST, HIPAA, and GDPR.
Proven knowledge of various security tools and technologies, such as Security Information and Event Management (SIEM) systems, firewalls, intrusion detection and prevention systems (IDPS), Data Loss Prevention (DLP) solutions, encryption technologies, Identity and Access Management (IAM) systems, and vulnerability management tools.
7+ years of relevant experience in managing IT security compliance programs and implementing security controls.
Familiarity with security considerations and associated compliance challenges within cloud computing environments (e.g., AWS, Azure, GCP).
Experience with Governance, Risk, and Compliance (GRC) tools and platforms is considered a significant
Skills:
Strong and demonstrated ability to conduct comprehensive and effective risk assessments to identify potential security threats, vulnerabilities, and areas of non-compliance.
Proficient in analyzing detailed audit reports, security logs, and other relevant data sources to identify potential non-compliance issues, security weaknesses, and areas for improvement.