As a Senior Information Security Compliance Specialist, you will be responsible for driving and maintaining the organization's information security compliance framework based on NIST CSF and international standards. The role partners closely with cross-functional teams to manage compliance, assess security risks, and support audit activities. You will play a key role in enhancing security governance and promoting a strong compliance culture across the organization.
Job Responsibilities
- Develop, maintain, and manage the Information Security Compliance Program based on NIST CSF and related standards such as ISO 27001, PCI DSS, GDPR, etc.
- Develop, review, and update internal information security policies, procedures, and guidelines to ensure compliance with legal and regulatory requirements.
- Monitor and evaluate the organization's compliance status; identify control gaps and vulnerabilities, and manage security incidents within the assigned scope.
- Conduct information security risk assessments, analyze control effectiveness, and propose remediation and improvement plans.
- Perform internal security audits and coordinate with external auditors to ensure continuous compliance and process improvement.
- Participate in information security training and awareness programs to enhance employee knowledge and security culture.
- Prepare periodic compliance and security reports for management and relevant stakeholders.
- Support the implementation and operation of technical tools and solutions used for security and compliance management.
- Perform other information security compliance–related tasks as assigned.
Job Requirements
- Bachelor's degree in Information Technology, Information Security, Risk Management, or a related field.
- 3–5 years of experience in information security compliance or governance, risk, and compliance (GRC), with practical exposure to NIST CSF.
- Strong knowledge of security standards, regulations, and frameworks such as NIST CSF, ISO 27001, PCI DSS, GDPR, etc.
- Solid skills in risk assessment, vulnerability analysis, and security incident management.
- Security certifications such as CISSP, CISA, CISM, ISO 27001 Lead Auditor (or equivalent) are a strong advantage.
- Strong planning, organizational, communication, and teamwork skills.
- High level of integrity, attention to detail, ability to work under pressure, and fast learning capability.
- Experience in fintech, banking, or highly regulated industries is a plus.