Job Description / Key Roles & Responsibilities
1. Regulatory Compliance
- Ensure ongoing compliance with ISO 27001, SOC 2, GDPR, CCPA, and other relevant standards.
- Lead and coordinate external audits and certifications.
- Maintain compliance calendars and manage audit readiness.
2. ISMS Implementation & Maintenance
- Coordinate the planning, implementation, and maintenance of the ISMS.
- Ensure all ISMS-related documentation is current, complete, and accessible.
- Work with department heads to integrate security practices into business operations.
3. ISO 27001 Compliance
- Monitor compliance with ISO/IEC 27001 requirements.
- Coordinate certification and surveillance audits with external auditors.
- Support the maintenance of the Statement of Applicability (SoA).
4. Internal Policy Management
- Develop and maintain security and compliance policies.
- Ensure organizational adherence to these policies through training and communication.
5. Risk Assessment & Management
- Conduct compliance risk assessments and maintain a risk register.
- Coordinate mitigation plans with relevant stakeholders.
6. Vendor Risk & Third-Party Compliance
- Manage third-party/vendor compliance reviews.
- Ensure data protection and regulatory clauses are included in contracts.
7. Audit & Documentation
- Coordinate internal and external audits.
- Collect and maintain compliance evidence and reports.
8. Training & Awareness
- Deliver training on compliance policies and data protection requirements.
- Monitor completion and effectiveness of compliance training programs.
9. Data Protection & Privacy
- Support handling of data subject requests and privacy impact assessments.
- Ensure adherence to privacy laws and internal privacy controls.
10. Incident Response Support
- Work with the InfoSec team on regulatory aspects of security incidents.
- Prepare and manage breach notification processes, if required.
11. Reporting & Metrics
- Prepare compliance reports for management and stakeholders.
- Maintain documentation aligned with audit and certification needs.
12. Continuous Improvement
- Stay updated on changing regulations and best practices.
- Recommend and implement enhancements to the compliance program.
Required Skills & Experience:
2–3 years of relevant experience in compliance, information security, or risk management—preferably within a SaaS or technology environment.