The position is primarily responsible for implementing and monitoring cybersecurity compliance programs, security controls, and policies to ensure the organization meets regulatory and legal requirements. The position is also responsible for supporting audits, conducting risk assessments, and coordinating with internal and external stakeholders to uphold cybersecurity standards.
Duties And Responsibilities
- Executes compliance programs and monitors adherence to established cybersecurity controls, frameworks, and policies.
- Performs regular internal audits and supports external audit activities to assess conformity with cybersecurity policies and regulatory requirements. Documents findings and assists in remediation planning.
- Collaborates with legal, risk, and compliance teams to understand regulatory impacts and ensure cybersecurity practices align with business and legal requirements.
- Reviews vendor and contractor agreements to verify inclusion of appropriate cybersecurity clauses. Ensures third-party adherence to security standards and data protection requirements.
- Assists in validating incident response actions to ensure they meet regulatory obligations
- Helps prepare breach notifications and ensures timely reporting as required by law.
- Prepares and maintains records of audit results, compliance activities, and regulatory communications for internal and external stakeholders.
Requirements
- Bachelor's degree in Cybersecurity, Information Security, Computer Science, Information Technology, or a related field
- Preferred certifications: CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, PCI-DSS, or other relevant cybersecurity compliance certifications
- Minimum of 3 years of relevant experience in cybersecurity compliance, audit, or risk assessment.
- Experience in conducting internal audits, preparing compliance documentation, and supporting regulatory reporting
- Exposure to working with cross-functional teams (legal, risk, IT)
- Familiarity with SOC 2 compliance and audit processes
