ALOIS Solutions · 2 days ago
Product Security Compliance Assessor
Wonder how qualified you are to the job?
ConsultingHuman Resources
Insider Connection @ALOIS Solutions
Responsibilities
Help to interpret the relevant, applicable government regulations.
Work with different teams including Legal, Cybersecurity, Finance, IT Operations, R&D, Products, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice.
Work with stakeholders to build plan of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner.
Identify, document, and report control deficiencies and associated recommendations for improvements.
Develop and communicate reports to describe regulatory risks and associated remediation actions.
Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.
Support the alignment of the policies and standards to both regulations and best practices.
Review and challenge to support compliance with policies, standards, and regulations.
Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results.
PM, Design, and implement compliance solutions to stabilize and operationalize responsible program(s).
Qualification
Find out how your skills align with this job's requirements. If anything seems off, you can easily click on the tags to select or unselect skills to reflect your actual expertise.
Required
Bachelor’s degree in computer science, Information Security, or a related field.
Strong communicator to present to all levels.
Experience in interpreting regulatory requirements and policies.
Experience in conducting compliance and gap assessments and designing metrics.
IT audit experience required
Knowledge of NIS800-218/Secure Software Development Framework, EU NIS 2 Directives, and Cybersecurity Resilient Act. Understand what the regulation is
Experience in applying security best practices within an SDLC framework.
Familiarity with various SDLC methodologies (e.g., Agile, Waterfall).
Experience with security automation tools for SDLC.
Ability to prioritize tasks, manage deadlines, and work independently.
Ability to independently run in a fast-paced environment and proactively identify and bridge knowledge gaps.
Preferred
Candidates with 5+ years of relevant experience preferred with the above requirements.
CIA/CISA/CRISC, or CISM preferred.