You will play an important role in the operation, support, and maintenance of TraceLink's Information Security Management System (ISMS), certified against ISO 27001 and supporting our SOC 2 attestation.
You will help develop plans to adopt and meet requirements of additional assurance programs as needed to support the business.
You will help review and manage security policies, standards, procedures, and guidelines to ensure complete coverage with relevant standards, frameworks, and regulations
You will manage and update controls inventory and alignment with relevant standards, frameworks, and regulations.
You will perform internal audits and risk assessments of functions, processes, and controls to drive development of remediation or mitigation plans to improve design and operational effectiveness.
You will liaise with Subject Matter Experts (SMEs) to drive continual improvement and obtain required approvals
You will manage the security exception process and its tracking
You will manage remediation of nonconformities and corrective actions
You will support management of the independent certification and attestation audits
You will support departments with security-related requirements for internal projects or external vendors
You will perform vendor risk assessments to support due diligence and oversight
You will coordinate with vendor managers to ensure identified risks are addressed
You will support responses to customers and prospects for RFIs, RFPs, and questionnaires
You will support privacy regulation compliance initiatives
Skills and Requirements:
5-8 years of relevant professional experience in risk management, compliance, regulatory or other governance and control related information security role where risk-based methodology is used.
Able to work independently with minimal guidance and act as coach to other team members / stakeholders as necessary.
Strong working knowledge of IT processes and infrastructure and tools
Proven working experience of risk management.
Proven working experience as Internal / Senior Auditor with understanding of auditing and control practices.
Experience participating in ISO 27001 / 27017 (cloud security controls) and SOC 2 / ISAE 3000 audits, or other accredited certification and attestation audits.
Experience as part of a team designing, implementing, maintaining, and supporting an Information Security Management System (ISMS) based on ISO 27001
At least one of the following certifications: ISO 27001 Lead Auditor, CISA, CCAK, CRISC, CCSP, CGEIT, or CISM.
Excellent verbal and written communication skills, including presentation skills.
High attention to detail and a commitment to data accuracy
Excellent analytical, reasoning, and problem-solving skills, including knowledge of MS Office applications.
Some project management experience with demonstrated success in leading, controlling, and completing IT projects.
Demonstrated ability to achieve results by collaborating with cross-functional, virtual teams across multiple time zones.
Strong organization and document management skills
Ready to work in flexible shifts
Ability to travel to US Headquarters if required
Preferred Skills:
Bachelor's degree in Computer Science or Information Systems Security, or equivalent professional certifications / work experience in the security field.
5+ years of industry experience with a strong background in technology risk management, or experience working on a security audit team.
Experience in a software company, designing and applying IT controls in a cloud-first culture
Experience with threat modeling or other risk identification techniques
Familiarity with relevant standards and frameworks, including:
Security & Risk Management: ISO 27017, 22301, and 31000; SOC 1/2/3; NIST CSF and 800-53; CSA Cloud Controls Matrix, HIPAA/HITRUST requirements