Vets Hired
Security Compliance Specialist
Vets Hired, San Jose, California, United States, 95199
About the job Security Compliance Specialist
Responsibilities:
Support the maintenance of strong governance, risk, and compliance processes for ISO 27001.
Continuously improve the security framework, methodology, standards, and system of internal controls.
Govern the NCR process and ensure corrective actions are completed.
Establish and monitor performance metrics, trending reports, and KPIs.
Create and maintain internal governing documents for compliance with ISO 27001, various auditing procedures, and internal security controls.
Regularly examine the organization's information security risks, analyzing threats, vulnerabilities, and impact.
Serve as the main point of contact for all compliance audits, such as ISO 27001, ISO 9001, SOX, security policy, and data privacy, as needed.
Create, manage, and document standard operating procedures and best-practice guidelines.
Develop security awareness training content and campaigns; deliver training to employees.
Manage third-party, supply chain, and cloud vendor risk reduction and mitigation programs.
Perform security risk assessments and identify risk mitigations for new projects, programs, etc.
Act as the project manager for security projects to track deliverables and identify risks.
Responsible for daily security monitoring, detections, and investigations.
Support the team with other areas of security and governance as needed.
Requirements:
Preferred 5+ years of information security risk and governance experience.
Bachelor's degree in risk management, information security, or a related discipline.
Strong knowledge of security principles and risk management.
Experience with ISO 27001 and NIST 800 is a must.
Excellent verbal and written communication skills to document and communicate findings and to interact with business customers.
Preferred Requirements:
CISSP or CISA Security Certification a plus