Role Summary
Responsible for supporting information security, privacy governance, and regulatory compliance initiatives, including ISO 27001, ISO 27701, and SOC 2. The role ensures organizational compliance, risk management, and secure operational practices across systems and processes.
Key Responsibilities
Information Security & GRC
- Lead implementation and maintenance of ISO 27001 ISMS.
- Support ISO 27701 (PIMS) implementation and privacy governance framework.
- Conduct risk assessments and gap assessments against the applicable standards.
- Develop and update security policies, procedures, and control frameworks.
- Manage control testing and evidence collection for audits.
- Conduct internal audits against defined processes, policies, and control frameworks.
- Coordinate external certification audits and remediation tracking.
SOC 2 Compliance
- Lead SOC 2 readiness assessments and compliance programs.
- Map controls to the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy).
- Monitor ongoing compliance and manage auditor interactions.
Risk & Monitoring
- Perform vendor risk assessments.
- Respond to client security questionnaires and RFIs/RFPs (Tier 1, 2, 3) as applicable.
- Track corrective and preventive actions.
Stakeholder Management
- Conduct awareness and training sessions.
Skills & Competencies
- Strong knowledge of ISO 27001, ISO 27701, SOC 2
- Risk assessment methodologies
- Audit management
- Policy drafting and control documentation
- Strong stakeholder communication