5.0 years
0.0 Lacs P.A.
Kolkata, West Bengal, India
Posted: 3 days ago
On-site
Full Time
About the Role

The SOC & ISO 27001 Compliance Specialist is responsible for ensuring the organization’s compliance with information security standards and frameworks, specifically focusing on SOC 2 and ISO 27001. This role involves coordinating audits, maintaining policies and procedures, conducting internal assessments, and driving continuous improvement in security and compliance processes.

Responsibilities

Compliance Management:
- Develop, implement, and maintain controls required for ISO 27001 and SOC 2 compliance.
- Coordinate and manage internal and external audits, including document preparation, auditor interactions, and remediation of findings.
- Maintain the organization’s ISMS (Information Security Management System) in accordance with ISO 27001.
- Ensure proper documentation and records are kept to demonstrate compliance with relevant standards.

Policy and Procedure Oversight:
- Draft, review, and update information security policies and procedures.
- Promote organization-wide awareness of information security policies and compliance requirements.

Risk Management:
- Conduct regular risk assessments and facilitate risk treatment plans.
- Monitor and report on information security risks, vulnerabilities, and compliance gaps.

Collaboration and Training:
- Work with IT, legal, HR, and other departments to ensure integrated compliance practices.
- Provide training and support to staff on compliance and security best practices.

Continuous Improvement:
- Identify opportunities for improving controls and processes.
- Track industry trends and emerging compliance requirements.

Qualifications

- Bachelor’s degree in Information Security, Computer Science, Risk Management, or related field.
- 3–5 years of experience in a compliance or information security role.
- Experience with SOC 2 and ISO 27001 audits and certification processes.

Required Skills

- In-depth knowledge of SOC 2 and ISO 27001 frameworks.
- Strong understanding of risk management principles.
- Excellent documentation and organizational skills.
- Effective communication and stakeholder management skills.
- Familiarity with GRC tools and audit management systems.

Preferred Skills

- ISO 27001 Lead Implementer or Auditor
- Certified Information Systems Auditor (CISA)
- Certified Information Security Manager (CISM)
- Certified Information Systems Security Professional (CISSP)