Security Compliance Manager

Client Company Introduction:

It is a leading software engineering company delivering innovative, AI-powered platforms for global clients.

Security Compliance Engineer (GRC & Soc2)

About the Role

HST Solutions is looking for a hands-on Security & Compliance Engineer with proven experience implementing and maintaining ISO 27001 and SOC 2 programmers. This person will own our compliance posture end-to-end, manage evidence collection, operate our GRC tools, and ensure our systems and cloud environments remain secure and audit-ready.

.

Key Responsibilities

1. Information Security & Compliance (Primary Focus)

• - Maintain and enhance our ISO 27001 ISMS and SOC 2 controls.
• - Drive continuous compliance, closing gaps and improving maturity.
• - Prepare and manage evidence collection, internal reviews and external audits.
• - Keep all policies, procedures, and risk registers up to date.
• - Conduct security awareness sessions and internal compliance checks.
• - Ensure ongoing compliance with GDPR and security best practices.

2. GRC Platform Operations

• - Operate and maintain our GRC tooling (e.g., Vanta, Drata, Sprinto, Hyperproof, or similar).
• - Automate compliance workflows, reminders, and evidence tasks.
• - Manage vendor risk assessments & third-party compliance activities.
• - Track, monitor, and report control health and remediation status.

3. Cloud & System Administration

• - Hands-on work across AWS, Azure, GCP, or other cloud environments.
• - Implement and enforce identity access management (IAM) standards.
• - Patch management, system hardening, logging & monitoring.
• - Maintain secure configurations across servers, endpoints, networks, and SaaS systems.

4. Internal IT Support

• - Provide IT support for users (accounts provisioning, SSO, access issues, device troubleshooting).
• - Maintain asset registers and endpoint security (MDM, EDR, encryption).
• - Manage onboarding/offboarding technical workflows.

Experience Required

• - Proven implementation experience in ISO 27001 (must have been part of an actual certification project).
• - Hands-on operational experience maintaining SOC 2 Type 1 or Type 2.
• - Experience using or managing GRC/Security Compliance platforms.
• - Practical, hands-on system administration experience (Windows/Linux).
• - Cloud administration and security experience (AWS/GCP/Azure).
• - Strong understanding of access control, network security, encryption, logging, and patching.
• - Comfortable being the single point of contact for compliance and IT ops.

Nice to Have

• - Security certifications (CISSP, CISM, ISO 27001 Lead Implementer/Lead Auditor).
• - Experience with MDM tools (Intune, Jamf, Kandji) or EDR tools (SentinelOne, CrowdStrike).
• - Previous experience in a SaaS or software development company.

Key Attributes

• - Highly organised with strong documentation skills.
• - Self-driven, proactive, and able to operate with minimal supervision.
• - Practical problem-solver, not a checkbox operator.
• - Strong communicator with a calm, professional approach.
• - Comfortable owning compliance end-to-end.

What Success Looks Like

• - ISO 27001 & SOC 2 controls running smoothly with clear, automated evidence flows.
• - Audits are clean, efficient, and predictable.
• - Users receive responsive IT support with secure configurations.
• - Cloud and system infrastructure remains aligned with best practices.
• - Zero surprises for auditors, customers, or internal stakeholders.

Experience:

Work Timings:

Work Mode:

alary:

About HR Ways: