iimjobs
Job Views: 117
Applications:  7
Recruiter Actions:  0

Posted in

IT & Systems

Job Code

1626262

TAC Security - Manager - Compliance

TAC INFOSEC PRIVATE LIMITED | 5 - 8 yrs. | Delhi
Posted 1 month ago

Description:

Compliance & Program Management

- Lead the full lifecycle of compliance programs from scoping and gap assessments to remediation, controls implementation, audit prep, and certification.

- Maintain and continually improve the Information Security Management System (ISMS) as per ISO standards.

- Oversee the SOC 2 program: manage readiness assessments, control design, evidence gathering, auditor liaison, and remediation.

- Map controls across frameworks (ISO, SOC, others) to drive efficiencies and avoid duplication.

- Monitor emerging standards, regulatory changes, and industry best practices; evaluate relevance and lead adoption when needed.

Audit & Assurance

- Plan, coordinate, and lead internal audits of security controls, policies, and processes.

- Interface with external auditors, respond to audit inquiries, facilitate walkthroughs, and drive closure of findings.

- Conduct regular review of control effectiveness, risk assessments, and control self-assessments.

- Prepare and deliver audit readiness documentation, reports, dashboards, and metrics to leadership.

Risk, Controls & Remediation

- Perform regular risk assessments, including IT, process, and vendor risks, and propose mitigations.

- Track and manage the remediation of identified gaps (from audits or assessments), ensuring timely closure.

- Oversee third-party / vendor security assessments (questionnaires, audits, due diligence) and ensure vendor controls align with TAC's security posture.

- Assist with defining, enforcing, and measuring key security metrics, KPIs, KRIs, SLAs, pass/fail criteria, etc.

Policy & Process

- Develop, maintain, and communicate security and compliance policies, standards, procedures, and guidelines.

- Collaborate with stakeholders (Engineering, DevOps, IT, HR, Legal) to ensure alignment and adoption of control requirements.

- Drive security awareness and training programs tied to compliance responsibilities.

- Help embed security-by-design principles in development, operations, and architecture.

Supporting Functions

- Respond to customer / prospect security questionnaires, RFPs, diligence requests, and security audits.

- Participate in vendor selection / procurement decisions from a security compliance perspective.

- Assist in incident response related to compliance gaps or control failures (e.g., root cause analysis, postmortem, corrective actions).

- Provide advisory support in projects, changes, and new initiatives; assess compliance impact proactively.

Qualifications & Experience:

Education / Certifications:

- Bachelor's degree in Computer Science, Information Security, Engineering, or a related field (or equivalent experience).

- Professional security / audit certifications preferred, e.g., ISO 27001 Lead Auditor or Lead Implementer, CISSP, CISM, CISA, CRISC, or equivalent.

Experience:

- Typically 5+ years in information security, risk, or compliance roles with hands-on experience in ISO compliance and audits.

- Proven track record managing SOC 2 (Type I / Type II) compliance programs (at least 1 full audit cycle).

- Experience working with external auditors and managing audit processes end to end.

- Familiarity with cloud environments (AWS, Azure, GCP), SaaS, DevOps, and how they relate to security and compliance.

- Experience with vendor / third-party risk assessments.

- Strong stakeholder management skills and ability to influence across technical and non-technical teams.

Skills & Competencies:

- Deep understanding of ISO (27001, 27701 or relevant) and SOC 2 frameworks, trust service criteria, control requirements, etc.

- Excellent analytical skills: ability to identify gaps, risks, and propose effective remediation.

- Strong documentation skills: policies, procedures, evidence, audit artifacts.

- Excellent communication (verbal & written): ability to present to executives, technical teams, and auditors.

- Project management skills: ability to juggle multiple assurance initiatives, set timelines, and drive closure.

- High ownership, integrity, attention to detail, and ability to work independently or as part of cross-functional teams.

