ISO and CMMI Auditor

Job Description

Job Description: We are looking for a highly analytical and meticulous Risk and Compliance Analyst with a strong foundation in governance frameworks and experience supporting CMMI certification. This role focuses on identifying, assessing, and mitigating operational and regulatory risks, while also ensuring policy adherence and internal controls across the organization. Experience in structured process improvement frameworks like CMMI is desirable for embedding compliance into scalable and auditable processes. Key Responsibilities: • Identify and assess operational, regulatory, and compliance risks across business units. • Maintain and update the organization’s risk register with detailed mitigation plans. • Perform risk control self-assessments to evaluate effectiveness of current controls. • Develop Key Risk Indicators and monitor trends to provide early warning of potential issues. • Prepare and present risk assessment reports to management and compliance leadership. • Ensure alignment of organizational practices with regulatory, contractual, and internal compliance requirements. • Monitor changes in legal, regulatory, and contractual obligations and update policies accordingly. • Conduct compliance gap analyses and support remediation efforts. • Design and implement internal audits and control testing to assess compliance status and readiness. • Maintain accurate, version-controlled documentation of all compliance-related policies and SOPs. • Use principles from CMMI to enhance governance processes and standardize controls. • Ensure that risk and compliance activities are integrated into quality management systems. • Collaborate with process owners to define and improve processes that align with CMMI maturity models and compliance standards. • Support process audits and evidence collection for periodic CMMI and other certifications. • Conduct training programs on compliance obligations and risk awareness for business units. • Serve as a liaison between internal teams, external auditors, and regulatory bodies. • Assist in incident management and root cause analysis related to compliance breaches or operational failures. • Generate dashboards and management reports for audit readiness, risk levels, and compliance KPIs. Qualifications: • Bachelor’s degree in Risk Management, Business Administration, Information Security, or a related field. • 3+ years of experience in risk and compliance management, ideally in IT services or regulated environments. • Exposure to CMMI certification efforts, especially in integrating risk and compliance into maturity models. • Understanding of regulatory standards and frameworks like ISO 27001, GDPR, SOX, HIPAA, or SOC 2. • Experience with audit tools, risk assessment methodologies, and compliance tracking systems. Preferred Certifications: • Certified Risk and Compliance Management Professional (CRCMP), CRISC, or equivalent. • ISO 27001 Lead Implementer/Auditor (optional but beneficial). • Knowledge of CMMI-DEV or CMMI-SVC frameworks. Show more Show less