TAC Security

& Program Management- Lead the full lifecycle of compliance programs from scoping and gap assessments to remediation, controls implementation, audit prep, and certification.- Maintain and continually improve the Information Security Management System (ISMS) as per ISO standards.- Oversee the SOC 2 program: manage readiness assessments, control design, evidence gathering, auditor liaison, and remediation.- Map controls across frameworks (ISO, SOC, others) to drive efficiencies and avoid duplication.- Monitor emerging standards, regulatory changes, and industry best practices; evaluate relevance and lead adoption when needed.Audit & Assurance- Plan, coordinate, and lead internal audits of security controls, policies, and processes.- Interface with external auditors, respond to audit inquiries, facilitate walkthroughs, and drive closure of findings.- Conduct regular review of control effectiveness, risk assessments, and control self-assessments.- Prepare and deliver audit readiness documentation, reports, dashboards, and metrics to leadership.Risk, Controls & Remediation- Perform regular risk assessments, including IT, process, and vendor risks, and propose mitigations.- Track and manage the remediation of identified gaps (from audits or assessments), ensuring timely closure.- Oversee thirdparty / vendor security assessments (questionnaires, audits, due diligence), ensure vendor controls align with TACs security posture.- Assist with defining, enforcing, and measuring key security metrics, KPIs, KRIs, SLAs, pass/fail criteria, etc.- Policy & Process- Develop, maintain, and communicate security and compliance policies, standards, procedures, and guidelines.- Collaborate with stakeholders (Engineering, DevOps, IT, HR, Legal) to ensure alignment and adoption of control requirements.- Drive security awareness and training programs tied to compliance responsibilities.- Help embed security by design principles in development, operations, and architecture.- Supporting Functions- Respond to customer / prospect security questionnaires, RFPs, diligence requests, and security audits.- Participate in vendor selection / procurement decisions from a security compliance perspective.- Assist in incident response related to compliance gaps or control failures (e., root cause analysis, postmortem, corrective actions).- Provide advisory support in projects, changes, new initiatives assess compliance impact proactively.Qualifications & Experience:Education / Certifications:- Bachelors degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience).- Professional security / audit certifications preferred, e.g ISO 27001 Lead Auditor or Lead Implementer.CISSP, CISM, CISA, CRISC or Typically 5+ years in information security, risk, or compliance roles with hands-on experience in ISO compliance and audits.- Proven track record managing SOC 2 (Type I / Type II) compliance programs (at least 1 full audit cycle).- Experience working with external auditors and managing audit processes end to end.- Familiarity with cloud environments (AWS, Azure, GCP), SaaS, DevOps, and how they relate to security and compliance.- Experience with vendor / third-party risk assessments.- Strong stakeholder management skills and ability to influence across technical and non-technical teams.Skills & Competencies:- Deep understanding of ISO (27001, 27701 or relevant) and SOC 2 frameworks, trust service criteria, control requirements, etc.- Excellent analytical skills ability to identify gaps, risks, and propose effective remediation.- Strong documentation skills policies, procedures, evidence, audit artifacts.- Excellent communication (verbal & written) ability to present to executives, technical teams, and auditors.- Project management skills ability to juggle multiple assurance initiatives, set timelines, and drive closure.- High ownership, integrity, attention to detail, and ability to work independently or as part of cross-functional teams. (ref:iimjobs.com)