Responsibilities:
- Conduct risk assessments and compliance evaluations across IT systems, cloud environments, and business processes.
- Implement, monitor, and enhance governance, risk, and compliance frameworks to support organizational security posture.
- Perform internal audits aligned with regulatory and industry standards such as ISO 27001, HIPAA, GDPR, NIST, and SOC 2.
- Develop, review, and maintain security policies, standard operating procedures, and related documentation.
- Support security awareness initiatives and assist in preparing compliance reports for internal and external stakeholders.
- Collaborate with cross-functional teams to identify security gaps, define risks, and recommend remediation actions.
- Coordinate and assist with external audits, certification activities, and evidence collection.
- Monitor compliance dashboards and audit logs, and maintain audit and risk-related evidence repositories.
- Work closely with cloud teams to assess and validate compliance controls on platforms such as AWS, Azure, or GCP.
Required Skills & Qualifications:
- 13 years of experience in GRC, information security, compliance, or risk management.
- Hands-on experience with at least one public cloud platform (AWS, Azure, or GCP).
- Strong understanding of standards and frameworks including ISO 27001, HIPAA, GDPR, NIST, and SOC 2.
- Knowledge of security controls, vulnerability management practices, and data protection frameworks.
- Ability to prepare, organize, and manage documentation, audit evidence, and compliance records.
- Strong communication skills with the ability to coordinate with stakeholders and produce high-quality reports.