Security Compliance Officer

Job Overview:

SQ1 Security is seeking an experienced Cybersecurity and Compliance Expert to lead and drive our initiatives toward achieving SOC 2, ISO 27001, GDPR, and HITRUST certifications.

Key Responsibilities:

• Develop and Maintain Security Frameworks: Design, implement, and maintain information security policies, procedures, and controls aligned with SOC 2 (Type I & II), ISO 27001, GDPR, PCI DSS, NESA, and other relevant frameworks.

• Governance and Compliance Oversight: Organize and facilitate security governance meetings (e.g., Steering Committees) and ensure continuous compliance with internal and external regulatory requirements.

• Audit and Certification Management: Lead internal and external audits, coordinate with auditors and regulatory bodies, and ensure successful attainment and renewal of certifications such as SOC 2, ISO 27001, HITRUST, CMMC, and PCI DSS.

• Risk Management: Conduct and document information security risk assessments, gap analyses, and develop remediation plans to address identified risks.

• Change and Incident Management: Participate in the Change Advisory Board (CAB), contribute to security testing and incident response activities, and ensure change management processes align with security best practices.

• Continuous Improvement: Stay updated on evolving information security standards, privacy regulations, and industry best practices, ensuring timely adaptation and organizational compliance.

• Stakeholder Collaboration: Work closely with IT, Legal, Risk, and Business units to strengthen governance, data protection, and compliance posture across the organization.

• Strategic Advisory: Advise leadership on emerging compliance trends, governance enhancements, and long-term strategies to sustain certification readiness and regulatory alignment.

Required Skills/Technologies/Tools

• Education & Experience:

• Minimum of 5 years of experience in information security or compliance roles, including maintaining SOC2 and ISO 27001 ISMS certifications.

• Proven experience in leading or supporting SOC 2 and ISO 27001 implementations, preferably within Consulting, Medical or other regulated industries.

• Technical & Regulatory Knowledge:

• Strong understanding of information security frameworks such as ISO/IEC 27001, NIST, CIS, GDPR, and related compliance standards.

• Familiarity with UAE regulatory and legal frameworks, including NESA, DESC, ISR, ADSIC, and SEBI regulations.

• Certifications (Preferred):

• CISSP, CISM, CISA, PCI-DSS Implementer, ISO 27001 Lead Auditor/Implementer or equivalent certifications.

Good to have Technologies/Tools

Certifications: ISO 42001, ISO27701, CRISC