Position Overview:
We are seeking a Compliance Security Engineer to join our team. The ideal candidate will be
responsible for ensuring that our organisation adheres to all relevant security standards and
regulations. This role will involve developing and maintaining compliance frameworks,
conducting security assessments, and implementing controls to mitigate risks. The
Compliance Security Engineer will collaborate with cross-functional teams to ensure that our
systems and processes meet industry best practices and regulatory requirements.
Key Responsibilities:
1. Develop and maintain compliance frameworks based on industry standards and
regulatory requirements.
2. Conduct security assessments to identify vulnerabilities and assess risks to our systems
and infrastructure.
3. Implement security controls and measures to mitigate identified risks and ensure
compliance.
4. Monitor and analyse security events and incidents, and respond to security breaches in a
timely manner.
5. Collaborate with internal teams to integrate security requirements into the software
development lifecycle.
6. Assist in the development and maintenance of security policies, procedures, and
documentation.
7. Stay updated on emerging threats, vulnerabilities, and regulatory changes to continuously
improve our security posture.
8. Participate in audits and assessments to ensure adherence to compliance standards and
regulations.
9. Provide security guidance and expertise to various teams within the organisation.
10. Contribute to the improvement of security awareness and training programs for
employees.
Qualifications:
– Bachelor’s degree in Computer Science or Information Technology.
– Proven experience (5-7 years) working in compliance and security roles.
– In-depth knowledge of security standards and regulations such as ISO 27001, NIST, CIS,
SO2 etc.
– Hands-on experience with security assessment tools and methodologies.
– Strong understanding of networking concepts, operating systems, and cloud environments.
– Excellent communication skills with the ability to convey complex technical information to
non-technical stakeholders.
– Relevant certifications such as CISA, CISM, or equivalent are preferred.
– Ability to work independently and collaboratively in a fast-paced environment.
– Attention to detail and strong analytical skills.
– Experience with security incident response and forensic analysis is a plus.