Sr Compliance Specialist

Develop, document, and maintain information security policies, procedures, and standards in alignment with regulatory frameworks (e.g., ISO 27001, NIST, SOX, GDPR, HIPAA). Collaborate with multi-functional teams (HR, Legal, IT, Risk Management, etc.) to ensure policies are practical, comprehensive, and aligned with business operations. Conduct regular reviews and updates to policies based on new compliance requirements, audit findings, or emerging risks. Support internal and external audit processes related to IT security compliance. Supervise regulatory changes and provide recommendations for policy adjustments. Design, complete, and be responsible for phishing simulation campaigns to proactively test and improve employee awareness and resilience against social engineering attacks. Analyze phishing simulation results and report findings to leadership with actionable insights and improvement strategies. Develop and deliver cybersecurity awareness content (emails, trainings, presentations) to promote a security-first culture across the organization. Develop informative materials tailored to different audiences (technical and non-technical employees). Assist in security risk assessments and gap analyses related to vendors. Maintain documentation of compliance activities, incidents, training records, and risk assessments. Produce clear, executive-ready reports and dashboards showing compliance status, phishing test outcomes, and awareness program efficiency. Experience developing, writing, and maintaining information security policies and procedures. Proficient in analyzing security events and human risk metrics to drive improvements.