Job Description
Job Role & Responsibilities
- Manage, maintain, and improve the compliance management of internal controls to meet internal and external SOC 2 and ISO 27001 security requirements.
- Evaluate the design and test the operating effectiveness of identified key controls, and provide control enhancement recommendations as appropriate.
- Assist with tracking audit exceptions for all audits performed.
- Contribute to other risk management activities, which may include exception monitoring and tracking, vendor viability assessments, and other special projects as needed.
- Determine compliance by establishing compliance test standards, conducting and witnessing tests, performing diagnostic procedures, measuring performance, analyzing and evaluating findings, and performing forensic analysis and troubleshooting of failures.
- Attain compliance by isolating and resolving compliance issues, recommending product and process changes, and initiating engineering change orders.
- Document compliance by completing approval applications, recording test results, preparing investigative reports, preparing and filing Declarations of Conformity, and maintaining the compliance database.
- Maintain engineering team accomplishments by reviewing open issues and action items, coordinating actions, and contributing information and analysis to team meetings and reports.
- Prepare compliance reports by collecting, analyzing, and summarizing measurement data and trends.
- Experience with a compliance automation platform such as Vanta or Drata is preferred.
- Working knowledge of Google Cloud or AWS is preferred.
Qualification Required
- Bachelor's degree in a technical discipline, or equivalent work experience in IT and/or Security.
- Any degree in Total Quality Management or Process Management.
- Any process audit certification, such as ISO or SOC 2, is preferred.
Specific Qualification
Any degree in Quality Control Management or similar.
Technical background
Experience in auditing ISO 27001 / SOC 2 Type 2.
Minimum skills we look for
- Information Security framework implementation (ISFMI)
- Risk Management framework, Drafting Risk Registers
- Incident management, Incident tracker
- Experience in conducting internal and external audits
- Experience in Service Organization trust service criteria (SOC 1 & 2) is preferred.
- Excellent writing skills, needed to deliver reports detailing findings and associated recommendations for information security programs that help meet the client's security and compliance standards.
- Bachelor's degree in a technical discipline, or equivalent work experience in IT and/or Security.
- 1 - 3 years of experience in security or risk management, performing security assessments in a client-facing/consulting role.
- Professionalism, problem-solving, customer-facing and customer-handling skills, time management, written and verbal communication, presentation skills, active listening, and flexibility.
- Ability to think holistically and identify areas of technical and non-technical risk.
- Knowledge of writing technical reports and presenting to non-technical audiences.
- Comfortable working in ambiguous and/or undefined situations.
- Must be available for on-project travel.
Any specific tools you are looking for
Drata or other security-related tools.
Minimum experience: in domain / overall industry
1 - 3 years of experience in security or risk management, performing security assessments in a client-facing/consulting role.
Key Skills
Information Security Management, ISO 27001, Quality Control Management
Location
San Ramon, California, United States