ISO and CMMI Auditor

As a Risk and Compliance Analyst, your role will involve identifying, assessing, and mitigating operational and regulatory risks. You will be responsible for maintaining the organization's risk register, performing risk control self-assessments, and developing Key Risk Indicators to monitor trends. Additionally, you will prepare risk assessment reports, ensure compliance with regulatory requirements, and support remediation efforts. Key Responsibilities: - Identify and assess operational, regulatory, and compliance risks across business units. - Maintain and update the organizations risk register with detailed mitigation plans. - Perform risk control self-assessments to evaluate effectiveness of current controls. - Develop Key Risk Indicators and monitor trends for early issue detection. - Prepare and present risk assessment reports to management and compliance leadership. - Ensure alignment with regulatory, contractual, and internal compliance requirements. - Monitor changes in legal, regulatory, and contractual obligations and update policies accordingly. - Conduct compliance gap analyses and support remediation efforts. - Design and implement internal audits and control testing for compliance assessment. - Maintain accurate documentation of compliance-related policies and SOPs. - Use CMMI principles to enhance governance processes and standardize controls. - Integrate risk and compliance activities into quality management systems. - Collaborate with process owners to define and improve processes aligned with CMMI maturity models. - Support process audits and evidence collection for certifications. - Conduct training programs on compliance obligations and risk awareness. - Serve as a liaison between internal teams, external auditors, and regulatory bodies. - Assist in incident management and root cause analysis for compliance breaches. - Generate dashboards and management reports for audit readiness and compliance KPIs. Qualifications: - Bachelor's degree in Risk Management, Business Administration, Information Security, or related field. - 3+ years of experience in risk and compliance management, preferably in IT services or regulated environments. - Exposure to CMMI certification efforts, especially in integrating risk and compliance. - Understanding of regulatory standards like ISO 27001, GDPR, SOX, HIPAA, or SOC 2. - Experience with audit tools, risk assessment methodologies, and compliance tracking systems. Preferred Certifications: - Certified Risk and Compliance Management Professional (CRCMP), CRISC, or equivalent. - ISO 27001 Lead Implementer/Auditor (optional but beneficial). - Knowledge of CMMI-DEV or CMMI-SVC frameworks.,