Security Advisor I

Key Responsibilities:

• Lead External Certifications: Manage full lifecycle of third-party audits and certifications for ISO 27001, ISO 42001, ISO 27701, and PCI DSS.
• Client & Internal Audits: Act as the primary lead for client security audits and questionnaires, and plan/executing internal compliance assessments.
• Audit Remediation: Coordinate with teams to address findings, track non-conformities, and ensure evidence of remediation.
• Framework Development: Define, implement, and mature the organization's Risk Management Framework to mitigate security risks.
• Policy Lifecycle Management: Review, draft, and enhance company-wide security policies, procedures, and standards.
• Continuous Improvement: Identify governance gaps and recommend strategic security improvements.
• GRC Tool Administration: Implement and optimize GRC tools to streamline compliance workflows and evidence collection.
• Unified Control Framework (UCF): Map controls across multiple standards (ISO, PCI, NIST, HIPAA) for efficiency.
• Regulatory Compliance: Ensure alignment with NIST 800-53, HIPAA, and core ISO/PCI standards.