Security and Compliance Analyst

What You ll Do:

• Strategic Audit Leadership: Lead strategic planning and execution of audits across ISO27000, ISO27001/18, CSA, SOC2, and ISO27701. Ensure comprehensive compliance across ISMS areas including BCM, ESG, privacy, contract management, vendor risk, and cloud security.
• Advanced Data Analysis and Risk Assessment: Use machine learning and big data analytics to assess compliance risks, identify trends, and guide strategic decisions.
• ISMS and ESG Control Architecture: Design and manage security and ESG controls, ensuring alignment with organizational goals and regulatory requirements.
• Policy and Contract Governance: Lead governance of security policies and contract management processes. Ensure alignment with legal, regulatory, and ESG standards.
• External Audit Leadership: Serve as the primary technical liaison for external audits. Address findings with effective technical solutions.
• Privacy and ISO27701 Compliance: Oversee implementation and maintenance of privacy controls aligned with ISO27701. Ensure data protection practices are embedded across systems and processes.
• Innovation in Compliance Processes: Introduce new technologies and methodologies to enhance audit and ISMS management.
• SDLC Security Leadership: Integrate security best practices into the SDLC, including CI/CD pipelines and secure coding standards.
• OS and Cloud Security Leadership: Lead security efforts across operating systems, cloud platforms, and cloud-native applications.
• Cyber Maturity and ESG Assessments: Conduct cyber maturity and ESG capability assessments. Recommend strategic improvements.
• Leadership and Team Development: Mentor and lead the Compliance and Audit team. Foster a culture of continuous improvement and proactive risk management.

• 5 to 8 years of experience in ISO 27000, ISO27001/18, ISO27701, CSA, SOC2.
• Strong understanding of ESG principles and their integration into security and compliance.
• Mastery of BCM, privacy, incident management, risk management, and contract governance.
• Strong leadership, communication, and technical reporting skills.
• Experience with OSs (Windows, Linux), cloud platforms, and secure SDLC practices.