Requirements
* A minimum of 3 years of experience in an information security role
* Proven experience in supporting and managing compliance efforts for ISO 27001, SOC 2, and PCI DSS
* Strong skills in security metrics and reporting
* Experience with audit processes and evidence collection
* A proactive, organized, and detail-oriented approach to your work
* Experience with GRC software is a plus
* (Desirable) CompTIA Security+
* (Desirable) Certified Information Systems Auditor (CISA)
* (Desirable) Certified in Risk and Information Systems Control (CRISC)
* (Desirable) Certified Information Systems Security Professional (CISSP)
What the job involves
* In this role you will be instrumental in helping us maintain and mature our governance, risk, and compliance program
* You'll play a crucial part in ensuring our ongoing adherence to security standards and regulations, building a foundation of trust for our clients and stakeholders
* This is a hands-on role, ideally suited to someone who can engage with stakeholders across our business
* Compliance Management: Support the day-to-day management of our compliance programs, with a primary focus on ISO 27001, SOC 2, and PCI DSS/3DS
* Audit Support: Act as a key liaison for internal and external auditors, helping to gather evidence, prepare for audits, and track the timely remediation of any findings
* Risk Management: Participate in our risk assessment process, helping to identify, analyse, and document information security risks. You'll also assist in developing and monitoring risk treatment plans
* Policy & Procedure Maintenance: Help to develop, update, and maintain our information security policies, standards, and procedures to ensure they are current, accurate, and aligned with compliance requirements
* Evidence Collection & Review: Automate and streamline the collection of evidence for our various compliance frameworks to ensure audit readiness
* Cross-Functional Collaboration: Work closely with our Engineering, Product and Security Operations teams to embed security controls into our processes and culture
* Continuous Improvement: Identify opportunities to improve the effectiveness and efficiency of our GRC program and related processes