
Information Security Audit + Compliance Specialist

Benefits: extra holidays, extra parental leave
Remote: Full Remote
Salary: 6 - 6K yearly
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

3+ years experience in information security audit, Bachelor’s degree in information security or equivalent, Fluent in English for stakeholder communication, Detailed knowledge of ISO 27001:2022 and SOC 2 Type II, Understanding of privacy laws like CCPA and GDPR.

Key responsibilities:

  • Plan and organize internal audits for ISO 27001 and SOC 2
  • Develop and maintain Information Security Compliance policies
  • Conduct supplier audits and manage external audits
  • Create reports using agreed KPIs and assist with ISR tasks
  • Support the business to ensure HIPAA compliance
HH Global (Marketing & Advertising, large company, 1001 - 5000 employees): https://www.hhglobal.com/

Job description

Purpose of Job

We are seeking a dedicated Information Security Compliance Specialist to join our team. The ideal candidate will assist in planning, organizing, and performing internal audits, developing and maintaining compliance policies, conducting supplier audits, completing client audits/assessments, and managing risk assessments. This role is crucial in ensuring our organization adheres to ISO 27001:2022 and SOC 2 Type II standards, as well as various privacy laws.

As an Information Security Audit and Compliance Specialist you will be responsible for supporting management with the overall enhancement and assurance of Information Security. The role includes developing, maintaining and enforcing information security standards and procedures in line with ISO/IEC 27001:2022 standards, SOC 2 Type II principles, and HIPAA compliance. The role will apply industry best practice to fulfil stakeholder requirements and provide expert advice to projects within HH Global, including evaluating, reviewing, recommending and setting baselines for new security technologies for use within the business.

This role includes a collective oversight of risk management, compliance, assurance and governance, including the technical and organizational controls assuring the confidentiality, integrity and availability of information assets. You will also be responsible for providing expert guidance and techniques and presenting efficient and pragmatic change recommendations to stakeholders, enabling them to own and manage their information security requirements and controls to change or improve their ISMS.

This role will be based remotely.

Key Responsibilities

  • Assist in planning, organizing, and performing ISO 27001:2022 and SOC 2 Type II internal audits.
  • Develop, initiate, maintain, and revise policies and procedures for the Information Security Compliance Program.
  • Conduct supplier audits and manage external audits, identifying risks and action plans, and contribute to the Supplier Risk Management program.
  • Assist with investigations of alleged violations of Information Security policies and procedures.
  • Conduct privacy risk assessments to understand the risk landscape and the mitigation needed to achieve data privacy compliance.
  • Create information security reports using agreed KPIs.
  • Assist with other Information Security and Risk (ISR) administrative responsibilities.
  • Work with Information Security infrastructure owners to implement IT security programs.
  • Manage and maintain Risk Registers and Risk owners.
  • Cultivation of business relationships, review, and interpretation of new sources of information on current and emerging laws, rules, regulations, and industry practice relating to Information Security.
  • Assist in the planning, organizing and performing of ISO 27001:2022 and SOC 2 Type II internal audits.
  • Track and investigate information security incidents.
  • Support the business as a covered entity with the guidance and expertise necessary to ensure HH Global is HIPAA compliant.

Knowledge, Skills + Experience

  • 3+ years of experience in information security audit and compliance.
  • Bachelor’s degree or equivalent relevant experience in information security.
  • Fluent in English and able to communicate clearly to stakeholders in other regions and countries regarding audits and risk assessments.
  • Ability to work independently without supervision.
  • Detailed knowledge of ISO 27001:2022 frameworks and SOC 2 Type II principles, associated legislation, and good practice standards with good core knowledge of web and network security plus excellent general information security knowledge.
  • Strong understanding of privacy laws such as CCPA, GDPR, and HIPAA.
  • Experience with supplier audits, external audit management, and risk identification.
  • Knowledge of the OneTrust Privacy platform, particularly Vendor Management and Risk Management modules.
  • Experience with security risk assessment, gap analysis, and management through controls to mitigate identified risks.
  • Experience with incident response processes.
  • Willingness to learn about the latest trends in cybersecurity and keep up to date in a continuously challenging environment.

Your application will be reviewed by a member of our Recruiting Team and we'll reach out to you directly if there's a fit for the position. We're using video conferencing software to conduct many of our interviews, but all interviews will be live with a member of our Recruiting or Hiring teams.


Required profile

Level of experience: Mid-level (2-5 years)
Industry: Marketing & Advertising
Spoken language(s): English

Other Skills

  • Technical Acumen
  • Verbal Communication Skills
  • Analytical Thinking
