Senior Compliance Expert

The GRC Team's Role

We are seeking a seasoned leader to drive projects related to critical certifications like ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and others. This role will play a pivotal part in managing and ensuring compliance with regulatory and operational security standards while collaborating with various stakeholders.

About the Job

This position requires hands-on technical and functional expertise, as well as the ability to manage and develop teams, oversee compliance programs, and report to leadership committees.

Key Responsibilities:

• Lead and manage the implementation, maintenance, and certification processes for ISO 27001, 27701, 27017, HITRUST, SOC 2, SOC 3, and similar standards.
• Oversee and manage internal and external audits, identifying gaps, and ensuring timely closure of audit findings.
• Collaborate with cross-functional teams, including IT, security, legal, and risk management, to ensure alignment on security compliance initiatives.
• Drive continuous improvement initiatives to enhance compliance posture, developing and enforcing security policies, procedures, and controls.

Stakeholder Collaboration & Communication:

• Act as the primary liaison between internal teams and external auditors, certification bodies, and regulators.
• Build and maintain strong working relationships with key stakeholders, including senior leaders, to ensure compliance objectives are met.
• Provide expert advice on compliance issues and support various departments with technical and policy-driven guidance.

People Management & Leadership:

• Lead, mentor, and develop a team of compliance professionals, fostering a high-performance culture.
• Manage team workload, project assignments, and career development, ensuring that the team is up-to-date with industry standards and compliance practices.
• Oversee team training programs to ensure knowledge sharing and skills development in compliance and audit.

Project Management & Reporting:

• Lead compliance projects, including budgeting, forecasting, resource planning, and reporting progress to leadership committees.
• Develop project timelines, track milestones, and ensure timely delivery of compliance and audit activities.
• Provide regular reports and updates to senior management, including dashboards and key performance indicators (KPIs) to assess the organizations compliance and risk posture.
• Collaborate with internal teams to ensure smooth integration of compliance requirements into new and existing technologies.

Strategic Planning & Operational Compliance:

• Contribute to the development of the organization's broader compliance strategy, aligning with industry trends and emerging regulations.
• Proactively identify potential risks and vulnerabilities and develop risk mitigation strategies.
• Lead operational compliance efforts across various functions, ensuring comprehensive coverage of security, privacy, and data protection requirements.

Requirements:

• Bachelors degree in computer science, Information Technology, Cybersecurity, or a related field. A masters degree or MBA is preferred.
• 10-15 years of experience in IT compliance, audit, and information security, with specific experience managing ISO 27001, ISO 27701, ISO 27017, HITRUST, SOC 2, SOC 3, and related certifications.
• Proven track record of managing compliance programs and leading audits across large, complex organizations.
• Strong leadership and people management experience, with a demonstrated ability to lead, develop, and motivate high-performing teams.
• Excellent project management skills with the ability to manage budgets, forecasts, timelines, and complex stakeholder requirements.
• Deep understanding of cloud security (Azure, AWS, GCP) and privacy standards, with experience working with cloud engineering and DevSecOps teams.
• Strong problem-solving skills with the ability to influence and engage with C-level executives and senior stakeholders.

Certifications:

• CISA (Certified Information Systems Auditor)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• ISO 27001 Lead Auditor/Lead Implementer
• HITRUST Certified CSF Practitioner
• Certified Cloud Security Professional (CCSP)
• PMP (Project Management Professional) or equivalent certification.