IT Risk and Compliance Specialist
The IT Risk and Compliance Specialist will be responsible for ensuring that the organisation adheres to IT security regulations, industry standards, and internal policies, specifically focusing on compliance with ISO27001, SOC, NIST and other relevant frameworks. This is an independent role focused on building IT risk and compliance programs from the ground up, rather than simply executing pre-existing plans. The role will involve managing risk assessments, developing compliance strategies, conducting audits, and ensuring the continuous improvement of security controls.
Key Responsibilities:
Compliance:
- Ensure the organisation’s IT systems, policies, and procedures comply with ISO 27001, SOC, NIST and other relevant frameworks.
- Monitor the regulatory landscape and recommend necessary updates to IT compliance practices.
- Lead initiatives to achieve and maintain certifications for ISO 27001, SOC, and similar standards.
Risk Assessment and Mitigation:
- Conduct regular IT risk assessments to identify potential vulnerabilities and security risks.
- Work with various teams to develop, automate, implement, and monitor risk mitigation strategies.
- Establish and maintain risk registers, ensuring they are up-to-date with identified risks and remediation efforts.
Audit and Documentation:
- Prepare and manage internal and external IT audits for ISO 27001, SOC and other certifications.
- Maintain thorough documentation of security controls, procedures, and compliance activities.
- Coordinate with external auditors and internal stakeholders to address audit findings and ensure timely remediation.
Policy Development:
- Develop, maintain, and update IT security policies, procedures, and guidelines in line with compliance requirements.
- Collaborate with cross-functional teams to ensure that policies are communicated and enforced across the organisation.
Training and Awareness:
- Conduct regular IT security and compliance training for employees to ensure awareness of relevant policies and regulations.
- Serve as a subject matter expert (SME) for compliance-related inquiries and issues.
Continuous Improvement:
- Monitor changes in regulatory requirements, emerging security threats, and best practices to enhance the organisation's compliance posture.
- Develop and implement continuous improvement initiatives to ensure the organisation's IT risk and compliance programs remain current and effective.
Incident Management:
- Support the incident response team in the identification and resolution of security incidents, ensuring compliance with regulatory reporting requirements.
Required Qualifications:
- Bachelor’s degree in Information Technology, Cybersecurity, or a related field.
- 3-5 years of experience in IT risk management, compliance, or information security, with demonstrated success in building and implementing compliance programs.
- In-depth knowledge of ISO 27001, SOC, NIST, GDPR, and related frameworks.
- Proven ability to design and implement compliance programs independently, with minimal to no oversight.
- Experience conducting risk assessments and managing compliance audits.
Nice to have:
- Certifications such as CISA, CISM, CRISC, ISO 27001 Lead Auditor, or Certified Information Systems Security Professional (CISSP).
- Experience working in regulated industries like finance, healthcare, or technology.
- Familiarity with governance, risk, and compliance (GRC) tools and technologies.
Skills:
- Independent thinker with the ability to take initiative in designing and building the risk and compliance program for the organisation.
- Excellent communication skills and the ability to collaborate with technical and non-technical stakeholders.
- Strong analytical and problem-solving abilities.
- Attention to detail and a proactive approach to identifying and addressing compliance risks.
- Department: Engineering
- Location: Pune
- Remote status: Hybrid Remote
- Employment type: Full-time