Security Compliance Officer

Job Description Job Overview: SQ1 Security is seeking an experienced Cybersecurity and Compliance Expert to lead and drive our initiatives toward achieving SOC 2, ISO 27001, GDPR, and HITRUST certifications. Key Responsibilities: •  Develop and Maintain Security Frameworks: Design, implement, and maintain information security policies, procedures, and controls aligned with SOC 2 (Type I & II), ISO 27001, GDPR, PCI DSS, NESA, and other relevant frameworks. •  Governance and Compliance Oversight: Organize and facilitate security governance meetings (e.g., Steering Committees) and ensure continuous compliance with internal and external regulatory requirements. •  Audit and Certification Management: Lead internal and external audits, coordinate with auditors and regulatory bodies, and ensure successful attainment and renewal of certifications such as SOC 2, ISO 27001, HITRUST, CMMC, and PCI DSS. •  Risk Management: Conduct and document information security risk assessments, gap analyses, and develop remediation plans to address identified risks. •  Change and Incident Management: Participate in the Change Advisory Board (CAB), contribute to security testing and incident response activities, and ensure change management processes align with security best practices. •  Continuous Improvement: Stay updated on evolving information security standards, privacy regulations, and industry best practices, ensuring timely adaptation and organizational compliance. •  Stakeholder Collaboration: Work closely with IT, Legal, Risk, and Business units to strengthen governance, data protection, and compliance posture across the organization. •  Strategic Advisory: Advise leadership on emerging compliance trends, governance enhancements, and long-term strategies to sustain certification readiness and regulatory alignment. Required Skills/Technologies/Tools •  Education & Experience: • Minimum of 5 years of experience in information security or compliance roles, including maintaining SOC2 and ISO 27001 ISMS certifications. • Proven experience in leading or supporting SOC 2 and ISO 27001 implementations, preferably within Consulting,Medical or other regulated industries. •  Technical & Regulatory Knowledge: • Strong understanding of information security frameworks such as ISO/IEC 27001, NIST, CIS, GDPR, and related compliance standards. • Familiarity with UAE regulatory and legal frameworks, including NESA, DESC, ISR, ADSIC, and SEBI regulations. •  Certifications (Preferred): • CISSP, CISM, CISA, PCI-DSS Implementer, ISO 27001 Lead Auditor/Implementer or equivalent certifications. Good to have Technologies/Tools Certifications: ISO 42001, ISO27701, CRISC Requirements The Senior Network Engineer will oversee enterprise network operations and manage infrastructure across multiple locations. The role includes strategic planning, technical leadership, and innovation in IT environments. Responsibilities: · Mentor a junior network engineers across sites · Manage network infrastructure (Fortinet, D-Link, IPBX, AD, VPN, SD-WAN, ZTNA) · Oversee cloud networking (AWS, Azure) and virtualization (VMware ESXi) · Ensure network security, compliance, and SLA adherence · Drive innovation and automation in network operations · Handle escalations, project execution, and vendor coordination · Maintain documentation and deliver training sessions · Support CCTV, NVR, NAS, and server infrastructure · Work rotational shifts and travel as needed Required Skills/Technologies/Tools · Firewall and switches Technologies: Fortinet firewalls (FG200F), Sophos, D-Link switches/APs · VPN & Remote Access: VPN (IPsec VPN, SSL VPN), SD-WAN, BGP, MPLS, ZTNA, · Authentication & Access Control: LDAP, RADIUS, SAML, Azure MFA, DUO, Okta, Single Sign-On (SSO), Active Directory / Azure Entra ID · Routing & Protocols: TCP/IP, DNS, DHCP, HTTP/HTTPS, SSH, SSL/TLS, BGP, OSPF, SNMP, ARP, ICMP, NAT · Network Monitoring & Troubleshooting: Wireshark, TCP Dump, Traceroute, lookup, Curl, PRTG Network Monitor, Prometheus, Grafana · Virtualization: VMware, Hyper-V, Citrix VDI, VirtualBox · Cloud Technologies: EC2, VPC, IAM, S3, Cloud NGFW, Load Balancers, Direct Connect, Azure, Virtual Machines, Azure AD, Sentinel, VNet, and WebApp, Application Gateway · Operating Systems: Windows, Linux (Ubuntu/Kali), MacOS · Tools & Platforms: ServiceNow, Salesforce, Jira, Fresh Service, ManageEngine, Jenkins (CI/CD), Ansible, Panorama (Centralized Firewall Management), Zscaler (Cloud Security), Miradore (MDM) · Scripting for automation · Documentation and training delivery · ITSM tools and SLA management Requirements Good to have: CCNP/CCIE, Fortinet NSE, AWS/Azure Networking certifications, AZ-900