Position Summary:The Information Security Compliance Administrator will support the global security compliance program by developing and maintaining security policies, auditing controls, and managing technical platforms that enable compliance with standards such as SOC 2 and ISO 27001. This role will also lead the security awareness training program and be responsible for building and maintaining a comprehensive trust package to support customer and auditor assurance. Key skills include stakeholder management, analytical thinking, and ability to work independently and in teams.
Key Responsibilities:
- Develop, maintain, and update security policies and procedures aligned with SOC 2, ISO 27001, and other relevant frameworks.
- Ensure documentation reflects current regulatory requirements and internal practices. Compliance Auditing & Control Monitoring
- Conduct internal audits to assess compliance with security policies and standards.
- Collaborate with internal stakeholders and external auditors during assessments and certification processes.
- Track and report on remediation efforts for audit findings.
- Apply industry leading practices to identify risks and opportunities of improvement. Technical Platform Administration
- Manage compliance-related platforms (e.g., GRC tools, policy management systems).
- Support automation of compliance workflows and reporting. Security Awareness & Training
- Design and maintain a security awareness training program tailored to different roles and geographies.
- Track participation and effectiveness of training initiatives.
- Coordinate phishing simulations and other awareness campaigns. Trust Package Development
- Build and maintain a trust package that includes up-to-date security documentation, certifications, audit reports, and FAQs.
- Ensure materials are accurate, accessible, and aligned with customer and auditor expectations.
- Work with the legal, sales, and corporate services teams to assist in trust and transparency initiatives. Cross-Functional Collaboration
- Work with ETS, Legal, HR, and other departments to ensure security controls are implemented and understood.
- Provide guidance and training on compliance requirements and best practices.
Qualifications:
- Bachelor’s degree in Information Security, Computer Science, or a related field.
- 5 years of experience in information security compliance or audit.
- Strong knowledge of SOC 2, ISO 27001, and other regulatory frameworks (e.g., NIST, HIPAA, GDPR).
- Experience with compliance platforms (e.g., Drata, Vanta, OneTrust, ZenGRC).
- Experience designing or managing security awareness programs.
- Experience developing trust packages or customer-facing security documentation is a plus.
- Excellent written and verbal communication skills.
- Certifications such as CISA, CISSP, or ISO 27001 Lead Implementer/Auditor are preferred and may be required depending on project needs.
नौकरी रिपोर्ट करें
