Job
Description
Your role and responsibilities The Security Compliance Specialist works with the Security Compliance Leader and will have the execution responsibility around (but not limited to) the following areas: Compliance enforcement: Implementing necessary controls and measure to ensure organization's overall security compliance, in alignment with internal security standards, applicable regulations and industry standards (e.g., ISO 27001, NIST, GDPR). Ensure adherence to the compliance requirements for network infrastructure, OpenShift environments, and IBM Z systems based on the actionable policies and procedures using approved IBM technology choices. Policy Creation and Management: Maintain and enforce security policies, standards, and controls applicable to network operations, cloud environments, and mainframe systems. Partner with IBM CISO organization to regularly review and update security policies to address emerging threats, regulatory changes, and organizational needs. Risk Management: Conduct risk assessments to identify potential compliance gaps and vulnerabilities within the organization's IT environment. Collaborate with IT and security teams to develop risk mitigation strategies and implement necessary compliance controls. Audit and Assessment: Prepare for regular compliance audits for network, OpenShift platform, and IBM Z systems. Ensure prompt rectification of any compliance findings and develop action plans for continuous improvement. Training and Awareness : Conduct comprehensive training programs to raise awareness of security compliance requirements and best practices among employees. Foster a culture of security compliance by regularly communicating the importance of adherence to security standards. Monitoring and Reporting Adopt/leverage metrics and reporting frameworks to continuously monitor compliance status and effectiveness of security controls. Prepare regular reports for executive management on compliance initiatives, audit findings, and the overall status of security compliance across the organization. Required education Bachelor's Degree Preferred education Master's Degree Required technical and professional expertise Qualifications & Skill 8-10 years of professional experience with at least 5+ years of relevant experience in the information technology security & compliance domain. Bachelor's degree in Cybersecurity, Information Technology, or a related field; advanced degree or security certifications (e.g., CISSP, CISM, CISA) are a plus. Extensive experience in security compliance management, particularly in network security, cloud security, and mainframe environments. Strong understanding of regulatory requirements and compliance frameworks relevant to the industry. Should be open and willingness to learn new technologies and be open for continuous upskilling experience. Excellent analytical and problem-solving skills to assess compliance issues and risks. Strong Proficiency in working with Secured communications across varied Hybrid platforms (On-Prem, On-Cloud etc). Strong leadership and communication skills to influence and guide cross-functional teams. Ability to work collaboratively with various stakeholders, including technical teams, executive management, and external auditors. Proficiency in compliance management tools and security frameworks. Proficiency in automation tools such as Ansible and pipeline orchestration tools such as Tekton and GitHub Actions.
