Information Security and Compliance Specialist

Information Security and Compliance Manager

This role is responsible for managing client security questionnaires, coordinating audits, and ensuring compliance with industry standards and regulations.

We are seeking an experienced professional to join our team as an Information Security and Compliance Manager. This person will be a key member of the Information Security team and will work closely with other departments to ensure that all security and compliance requirements are met.

• Establish and maintain a repository of standardized security questionnaire responses
• Manage timely and accurate responses to client security questionnaires
• Collaborate with internal teams (IT, Legal, InfoSec) to gather documentation for client inquiries
• Serve as primary point of contact for clients regarding security-related inquiries

Audit Coordination and Management

The successful candidate will have experience in managing third-party audits and internal audit processes, including preparing comprehensive evidence packages for security audits.

The candidate should also have excellent project management and organizational skills, with the ability to handle multiple audits and client requests simultaneously.

• Lead and coordinate client and internal audits for compliance assessment (ISO 27001, HIPAA, etc.)
• Serve as liaison between organization and external auditors/clients
• Prepare comprehensive evidence packages for security audits
• Collaborate with teams to design mitigation strategies for identified risks
• Work with control owners to create and implement corrective action plans

Contract and Insurance Management

The ideal candidate will have experience in creating security terms and conditions for contract inclusion and reviewing MSA security terms and providing feedback to legal team.

The candidate should also have experience responding to cyber insurance questionnaires based on implemented controls and certifications.

• Create security terms and conditions for contract inclusion
• Review MSA security terms and provide feedback to legal team
• Respond to cyber insurance questionnaires based on implemented controls and certifications

Process Improvement and Stakeholder Engagement

The successful candidate will identify opportunities to improve efficiency of questionnaire responses and audit processes, develop templates and workflows to streamline client questionnaire completion, and engage with clients and third-party auditors regarding organizational security posture.

The candidate should also communicate effectively with internal stakeholders and senior leadership, providing recommendations to management for security practice improvements.

• Identify opportunities to improve efficiency of questionnaire responses and audit processes
• Develop templates and workflows to streamline client questionnaire completion
• Engage with clients and third-party auditors regarding organizational security posture
• Communicate effectively with internal stakeholders and senior leadership
• Provide recommendations to management for security practice improvements

Required Qualifications

To be considered for this role, candidates should have:

• 10+ years of experience in information security with audit management focus
• Bachelor's degree in Information Security, Cybersecurity, Computer Science, Engineering, or related field (or equivalent work experience)

Certifications

Prior experience with CISA, CRISC, CISM, or CISSP certification is preferred.

Core Competencies

The ideal candidate will possess:

• Proven experience responding to security questionnaires and managing client audits
• Experience managing third-party audits and internal audit processes
• Excellent project management and organizational skills
• Ability to handle multiple audits and client requests simultaneously
• Advanced verbal and written communication skills
• Self-motivated learner with strong organizational abilities

What We Offer

Join our dynamic team and enjoy:

• Cross-functional collaboration across IT, Legal, and Compliance teams
• Strategic role in organizational security posture
• Fast-paced, dynamic work environment
• Professional development and growth opportunities

If you're passionate about Information Security and Compliance, we encourage you to apply.

---