Your role and responsibilities
- The Security Compliance Specialist works with the Security Compliance Leader and will have the execution responsibility around (but not limited to) the following areas:
Compliance enforcement:
- Implementing necessary controls and measure to ensure organization's overall security compliance, in alignment with internal security standards, applicable regulations and industry standards (e.g., ISO 27001, NIST, GDPR).
- Ensure adherence to the compliance requirements for network infrastructure, OpenShift environments, and IBM Z systems based on the actionable policies and procedures using approved IBM technology choices.
Policy Creation and Management:
- Maintain and enforce security policies, standards, and controls applicable to network operations, cloud environments, and mainframe systems.
- Partner with IBM CISO organization to regularly review and update security policies to address emerging threats, regulatory changes, and organizational needs.
Risk Management:
- Conduct risk assessments to identify potential compliance gaps and vulnerabilities within the organization's IT environment.
- Collaborate with IT and security teams to develop risk mitigation strategies and implement necessary compliance controls.
Audit and Assessment:
- Prepare for regular compliance audits for network, OpenShift platform, and IBM Z systems.
- Ensure prompt rectification of any compliance findings and develop action plans for continuous improvement.
Training and Awareness:
- Conduct comprehensive training programs to raise awareness of security compliance requirements and best practices among employees.
- Foster a culture of security compliance by regularly communicating the importance of adherence to security standards.
Monitoring and Reporting
- Adopt/leverage metrics and reporting frameworks to continuously monitor compliance status and effectiveness of security controls.
- Prepare regular reports for executive management on compliance initiatives, audit findings, and the overall status of security compliance across the organization.
- Required education
- Bachelor's Degree
- Preferred education
- Master's Degree
- Required technical and professional expertise
Qualifications & Skill
- 8-10 years of professional experience with at least 5+ years of relevant experience in the information technology security & compliance domain.
- Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced degree or security certifications (e.g., CISSP, CISM, CISA) are a plus.
- Extensive experience in security compliance management, particularly in network security, cloud security, and mainframe environments.
- Strong understanding of regulatory requirements and compliance frameworks relevant to the industry.
- Should be open and willingness to learn new technologies and be open for continuous upskilling experience.
- Excellent analytical and problem-solving skills to assess compliance issues and risks.
- Strong Proficiency in working with Secured communications across varied Hybrid platforms (On-Prem, On-Cloud etc).
- Strong leadership and communication skills to influence and guide cross-functional teams.
- Ability to work collaboratively with various stakeholders, including technical teams, executive management, and external auditors.
- Proficiency in compliance management tools and security frameworks.
- Proficiency in automation tools such as Ansible and pipeline orchestration tools such as Tekton and GitHub Actions.
