Posted 5 days ago

Information Security Compliance and Risk Specialist

We are seeking an enthusiastic Information Security Compliance and Risk Specialist ready to join a talented, hard-working, and ambitious Infosec team.


What you’ll do


The ideal candidate will possess a deep understanding of risk management practices, be adept at navigating privacy regulations, and have practical experience in implementing and auditing compliance programs related to PCI DSS, PCI SSF, SOC 2 and ISO 27001/27002. You will work closely with various teams to enhance the organization's security posture, ensure data privacy compliance, and support ongoing efforts to meet industry standards and regulations.


Responsibilities

  • Manage and assess the effectiveness of the organization's information security governance framework.
  • Support the development, maintenance, and enforcement of security policies, procedures, and controls to meet regulatory requirements.
  • Assist with conducting assessments of existing IT architecture for compliance with security requirements from applicable security frameworks (such as NIST CSF, NIST SP 800-53, FBI CJIS Security Policy, etc.).
  • Oversee and support the implementation of PCI DSS/SSF compliance processes, controls, and audits.
  • Conduct assessments and audits to ensure ongoing compliance with PCI DSS/SSF, SOC 2 and ISO 27001.
  • Support the implementation and maintenance of the ISO 27001 Information Security Management System (ISMS).
  • Conduct internal audits and assessments to evaluate compliance with ISO 27001 standards and support certification activities.
  • Assist in the development of risk management strategies aligned with ISO 27001 requirements.
  • Monitor and ensure compliance with applicable privacy regulations such as CCPA, GDPR (where applicable), PIPEDA (Canada) and LFPDPPP (Mexico).
  • Conduct audits and assessments to ensure data protection policies comply with regional privacy regulations; develop and implement privacy training programs and awareness initiatives for employees.


Experience We’re Looking For

  • Bachelor's degree in Information Security, Computer Science, or a related field.
  • Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations.
  • Expertise in privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP).
  • Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO 27001/27002, and Cloud Security Alliance.
  • Strong attention to detail and the ability to work independently.
  • Excellent problem-solving skills with a proactive attitude toward risk mitigation.
  • Strong ethical standards and commitment to data security and privacy.


Nice to have

  • Experience and familiarity with cloud data security and working with public cloud solutions (AWS).
  • Experience working with Governance Risk and Compliance technologies.
  • Experience implementing Data Privacy Technologies.
  • Certifications such as CISA, ITIL Expert, Certified in Governance, Risk and Compliance (CGRC).


Interview process

  1. Screening
  2. Technical Interview I
  3. Technical Interview II
  4. Interview with VP