Information Security Compliance Senior. Expert

Define and implement information security requirements for products, ensuring compliance with internal policies and external regulations. Monitor and maintain compliance with relevant regulations (e.g., GDPR, HIPAA) and industry standards, preparing necessary documentation and reports. Lead the processes to obtain and maintain various security certifications (e.g., ISO27001, PCI-DSS), conducting internal audits and coordinating with external auditors. Collaborate with cybersecurity teams to conduct thorough risk assessments, identifying vulnerabilities and proposing strategic mitigation plans. Regularly evaluate and test products for security vulnerabilities, providing recommendations for remediation and enhancements. Develop, review, and implement the organization's information security policy, ensuring it aligns with industry standards and best practices. Design and conduct training programs to educate employees on information security risks and best practices, fostering a security-aware culture within the organization. Oversee the incident response plan, ensuring timely and effective strategies are in place for addressing security breaches or threats. Continuously monitor security systems and protocols, generating reports for senior management that outline the security posture and compliance status of products. Work closely with various departments (e.g., IT, legal, operations) to ensure cohesive security practices and to communicate compliance statuses and challenges. Keep abreast of the latest trends, technologies, and regulatory changes in information security to continuously improve the organization's security practices. Bachelor's degree in Information Security, Computer Science, Information Technology, or a related field. A master's degree or relevant certifications (CISSP, CISM, etc.) is a plus. Minimum 5 years of proven experience in information security, cybersecurity, or compliance roles, with a focus on product security. Proven knowledge and experience with security frameworks and certifications such as ISO27001, PCI-DSS, NIST, or similar standards. Strong understanding of security technologies (e.g., firewalls, intrusion detection systems, encryption), risk management processes, and vulnerability assessment tools. Exceptional analytical and problem-solving abilities, with a keen eye for detail and the ability to assess complex security issues effectively. Excellent verbal and written communication skills, capable of explaining complex security concepts to non-technical stakeholders. Strong interpersonal skills with the ability to collaborate effectively with a diverse team of professionals. Not a perfect fit? Worried that you don't meet all the desired criteria exactly? If you're excited about this role but your experience doesn't align exactly with every part of the job description, we encourage you to still apply as you may be the right candidate for this role or another opportunity.