The Senior Security Analyst - Compliance will serve as the subject matter expert in ensuring the organization's information security practices comply with recognized standards and regulatory requirements. The role is focused on managing and overseeing security compliance initiatives, developing and implementing policies and procedures, and leading internal audit programs. A strong familiarity with ISO 27001, especially as a lead auditor, is a must.
Role and Responsibilities
Develop, review, and implement security compliance policies, procedures, and guidelines aligned with international standards (e.g., ISO 27001, NIST, CIS).
Lead regular internal audits and assessments to identify compliance gaps and recommend corrective actions.
Monitor and ensure adherence to information security policies and regulatory requirements across the organization.
Coordinate with various departments to conduct risk assessments and implement mitigation strategies.
Develop and deliver security awareness and training programs to promote a culture of compliance.
Serve as the primary point of contact for external audits and compliance reviews.
Conduct internal audits related to security compliance.
Oversee the preparation and maintenance of documentation required for certification and regulatory compliance.
Maintain and update a comprehensive compliance register and ensure timely remediation of non-compliant areas.
Conduct cloud security posture assessments.
Conduct reviews of the DevSecOps process.
Must hold the ISO 27001 Lead Auditor certification and have demonstrable experience in applying compliance frameworks in a complex environment.
Qualifications and Education Requirements
Bachelor's degree in Information Security, Business Administration, Computer Science, or a related field.
Minimum 8 years' experience in security compliance, audit, or risk management roles.
Mandatory ISO 27001 Lead Auditor certification.
Proven experience in managing information security compliance programs and familiarity with frameworks such as NIST, CSK and CIS.
Strong knowledge of regulatory requirements and industry standards related to information security and data protection.
Excellent communication, documentation, and stakeholder management skills.
Ability to work collaboratively in cross-functional teams and manage multiple compliance projects simultaneously.
Detail-oriented with strong analytical skills and a proactive approach to problem-solving.
Job Type: Full-time