IT Compliance Specialist II

What you'll do:

• Participate in internal and/or external audits and security assessments (e.g. ISO 27001, CSA STAR, PCI, SOC 2, etc.).
• Conduct periodic IT Compliance reviews to ensure appropriate design and operating effectiveness of primary controls. Identifying gaps in controls and propose remediation plans.
• Assist in the day-to-day compliance and audit operational activities.
• Work with control owners to ensure timely review and updates to documentation, controls, and the completion of remediation items.
• Attend periodical status meeting with internal/external audit teams.
• Perform third-party vendor risk assessments by reviewing vendors security posture and architecture, drafting security assessment reports outlining risks identified.
• Provide technical knowledge and analysis of information assurance, including, but not limited to: application controls; operating systems; physical security; identity and access management; risk assessment; privacy, infrastructure continuity and contingency planning; security awareness and training, etc.
• Initiate, facilitate, and promote activities to foster information security awareness within the organization.
• Excellent communication and presentations skills with the ability to deliver complex concepts to both technical and non-technical audiences.
• Lead the ongoing and annual security awareness training program, reviewing the content, coordinating assignments and follow ups with end users to ensure training is completed timely.
• Relationship building skills especially in areas where diplomacy is needed to help ensure that new policies and procedures gain the support they need to be adopted by the organization.
• Proactively offer internal security consulting on policy, controls, standards and best practices to business functions and end users.
• Day-to-day assistance with InfoSec. departmental operational actives.
• Work independently with minimal oversight from management.

What you'll bring:

• 3-5 years of proven Information security, vendor governance, IT compliance, audit, and risk management related experience.
• Strong experience with IT compliance frameworks, requirements and regulatory standards such as, but not limited to: ISO 27001, HIPAA, PCI, CSA STAR, SOC 2, GDPR, NIST, etc.
• Knowledge of corporate security policies, procedures and information security best practices.
• Bachelor’s degree in Computer Science, Engineering.
• Professional certifications are an asset: CISSP, CISA, CISM, or CRISC.
• Experience with security and compliance as it relates to a SaaS offering.
• Knowledge of European security and privacy practices.
• Extremely well organized, detailed oriented and attentive to deadlines