Job Summary: We are seeking a highly motivated and detail-oriented IT & Cybersecurity Compliance Specialist to join our team. This role will be instrumental in ensuring our IT systems and practices adhere to relevant laws, industry standards, and internal policies, thereby safeguarding our information assets and maintaining stakeholder trust. Role & responsibilities Compliance Framework Management: Assist in the development, implementation, and maintenance of following IT and cybersecurity compliance frameworks. ISO 27001, NIST, SOX 2, local regulations like IT Act 2000, CEA, DPDP Stay up to date with evolving cybersecurity related regulatory changes, and industry best practices. Policy & Procedure Development: Contribute to the creation, review, and update of IT security policies, standards, guidelines, and procedures to ensure alignment with compliance requirements. Communicate compliance requirements and policy changes to relevant stakeholders.\ Risk Assessment & Management: Participate in IT risk assessments to identify, evaluate, and prioritize potential security vulnerabilities and compliance gaps. Support the development and implementation of remediation plans for identified risks. Audit & Assurance: Act as a key liaison during internal and external IT and cybersecurity audits. Gather, organize, and provide evidence required for audit requests. Track and monitor the progress of audit findings and remediation efforts. Control Monitoring & Testing: Assist in the regular monitoring and testing of IT security controls to ensure their effectiveness and compliance. Identify control deficiencies and recommend corrective actions. Vendor Risk Management (VMR): Support the assessment of third-party vendor security postures and compliance with organizational requirements. Training & Awareness: Contribute to the development and delivery of IT security and compliance awareness training programs for employees. Documentation & Reporting: Maintain accurate and comprehensive documentation of compliance activities, risk assessments, and audit results. Prepare regular reports on compliance status, key risks, and remediation progress for management. This role will involve tremendous amount of Documentation work & management of same. Preferred candidate profile Preferred bachelors degree in information technology, Computer Science, Cybersecurity, or a related field. 3-4 years of proven experience in an IT compliance, cybersecurity, or IT audit role. Solid understanding of common information security frameworks and standards (e.g., ISO 27001, NIST, SOX 2). Familiarity with data privacy regulations (e.g., India's DPDP Act 2023, IT ACT 2000). Experience with risk assessment methodologies and tools. Strong analytical and problem-solving skills with meticulous attention to detail. Excellent written and verbal communication skills, with the ability to articulate complex technical and compliance concepts clearly. Ability to work independently and collaboratively in a fast-paced environment. Exceptional Documentation & presentation Skill. Prior experience with GRC Tools & Cybersecurity Awareness tools like KNowbe4 will be preferred. Preferred Certifications (one or more): CompTIA Security+ (ISC) SSCP (Systems Security Certified Practitioner) ISACA CISA (Certified Information Systems Auditor) - a strong plus ISACA CRISC (Certified in Risk and Information Systems Control) ISO 27001 Lead Implementer/Auditor
