Cybersecurity Compliance Expert (NIS-2, China Cybersecurity Law)

Job Description : Cybersecurity Compliance Expert

The Cybersecurity Compliance Expert is responsible for supporting the implementation

of controls across various regulatory compliance requirements, managing exceptions to

cyber policies, monitoring key performance indicators (KPIs) and key risk indicators

KRIs) for cybersecurity, and supporting internal and external audits. This role is critical

in ensuring the organization's cybersecurity posture aligns with regulatory standards

and best practices.

Key Responsibilities

1. Implementation of Controls

Support the implementation of controls to meet various regulatory

compliance requirements such as NIS-2, China Cybersecurity Law (CSL),

and other relevant regulations.

Collaborate with cross-functional teams to ensure compliance controls

are effectively integrated into business processes.

2. Policy Exception Management

Manage exceptions to cybersecurity policies, ensuring that deviations are

documented, justified, and approved according to organizational

procedures.

Conduct regular reviews of policy exceptions to assess risk and

recommend mitigation strategies

3. Monitoring and Reporting

Monitor cybersecurity KPIs and KRIs to track the effectiveness of security

measures and identify areas for improvement.

Prepare and present regular reports on cybersecurity metrics to senior

management and stakeholders.

4. Audit Support

Provide support for internal and external audits related to cybersecurity

compliance.

Coordinate with auditors to provide necessary documentation and

evidence of compliance.

Assist in the remediation of audit findings and implementation of

corrective actions.

Qualifications

Education : Bachelor's degree in Information Security, Computer Science, or a

related field.

Experience : Minimum of 5 years of experience in cybersecurity compliance, risk

management, or a related area.

Certifications : Relevant certifications such as CISSP, CISM, or CISA are

preferred.

Skills :

Strong understanding of regulatory compliance requirements (e.g., NIS-2,

China CSL).

Excellent analytical and problem-solving skills.

Ability to manage multiple tasks and projects simultaneously.

Effective communication and interpersonal skills.

Proficiency in using cybersecurity tools and technologies.