Cyber Security Compliance Specialist

Job Title: Cybersecurity Compliance Specialist

Contract- 6 Months

Location : Hyderabad

Job Summary:
We are seeking a detail-oriented and knowledgeable Cybersecurity Compliance Specialist to join our Information Security team. This role is a key position that will help to ensure our organization meets all cybersecurity compliance requirements and effectively communicates our security posture to customers. The ideal candidate will have a strong understanding of cybersecurity frameworks like NIST CSF, 800-171, ISO 27001, and CIS Controls, plus compliance requirements like SOC 2, GDPR, CCPA, HIPAA, PCI-DSS, and be able to effectively communicate complex technical information to both technical and non-technical audiences. Candidates should have the ability to manage multiple compliance-related tasks at the same time.

Key Responsibilities:

• Customer Compliance Forms: Review and analyze customer-provided cybersecurity questionnaires and requests for security assessments. Complete and manage cybersecurity compliance forms and questionnaires from customers, ensuring accurate and timely responses.
• 3rd Party compliance requirements. They will identify gaps and inconsistencies in vendor responses to our compliance requests and questionnaires. Validate vendor responses against our internal security controls and policies to determine compliance. Prepare detailed reports summarizing findings and recommendations.
• Documentation and Governance: They will maintain and update our security policies and documentation related to the security program and controls, including the WISP, DR and BC plans, as well as ensuring that our documentation is comprehensive and up to date.
• Compliance Assurance: This person will work closely with internal teams to ensure our security practices align with industry standards and regulatory requirements (e.g., NIST CSF 2.0, 800-171, GDPR, HIPAA and others).
• SOC 2 Type 2 Audit Knowledge: This person will lead the work required for responding to external audits, providing necessary documentation and evidence of compliance. Understanding the requirements and processes involved in SOC 2 Type 2 audits, including the Trust Services Criteria (security, availability, processing integrity, confidentiality, and privacy
• Communication: They will serve as the primary point of contact for customer inquiries related to our cybersecurity program, providing clear and concise information to customers and internal stakeholders.

Qualifications:

• Education: Bachelors degree in information security, Computer Science, or a related field.
• Experience: Minimum of 2 years of experience in cybersecurity compliance or similar role.
• Certifications: Relevant certifications such as CISM, CRISC, or CISA are required for entry level candidates, and a CCSP or CISSP, certification for advanced candidates. Please provide ISC2 or similar ID number.

Technical Skills

1. Risk Assessment: Be able to Identify and analyze security risks from 3rd parties or other stakeholders.
2. Knowledge of Compliance Standards: Have a working understanding of various cybersecurity frameworks like ISO 27001, NIST CSF, 800-171, GDPR, HIPAA, etc.
3. Security Auditing: Be able to understand or have experience with conducting regular audits to ensure compliance with security policies.

Soft Skills

1. Excellent Attention to Detail: Ensuring all aspects of security policies are meticulously followed and documented.
2. Clear Analytical Thinking: Be able to evaluate complex security issues and evaluate solutions.
3. Open Communication: Clearly convey security policies and procedures to required internal and external stakeholders.
4. Project Management: Oversee cybersecurity compliance projects from inception to completion.
5. Tools: Proficiency with compliance management tools and software.