Compliance And Privacy Specialist (IT)

Our client is a global leader in Testing, Inspection and Certification (TIC), delivering high quality services to help clients meet the growing challenges of quality, safety, environmental protection, and social responsibility.

We are hiring a Compliance And Privacy Specialist to join the global security team.

To support the Cybersecurity GRC Manager in implementing and maintaining the organization's cybersecurity strategy, with a focus on compliance, privacy, and risk management aligned with NIST CSF, ISO 27001, and privacy regulations.

Key Responsibilities:

1. Compliance and Privacy Management:

• Manage internal compliance frameworks for Privacy and NIST CSF
• Translate security policies into actionable plans for users, project teams, and businesses
• Support implementation and maintenance of ISO 27001 certification
• Ensure compliance with privacy regulations (GDPR, LGPD, CPRA, etc.)

2. Risk Assessment and Management:

• Perform risk analyses for internal projects and new business applications
• Conduct cloud risk analyses and provide security recommendations
• Support the Cybersecurity GRC Manager in maintaining the organization's risk register

3. Audit and Assessment:

• Participate in the internal audit program, focusing on privacy and NIST CSF compliance
• Improve audit methodologies and manage audit schedules
• Perform privacy audits and NIST CSF assessments

4. Security by Design:

• Implement and manage the "security by design" framework
• Advise project teams on security measures from project initiation to go-live
• Provide guidance on secure application development

5. Stakeholder Management:

• Act as a point of contact for business teams on cybersecurity topics
• Manage and respond to clients' security questionnaires
• Conduct security maturity reviews and provide recommendations

6. Continuous Improvement:

• Stay updated on the latest developments in information security standards and ecosystem
• Contribute to the development of an ISS knowledge base within the organization
• Support the implementation of security programs (e.g., data classification, DLP)

Education:

Master's degree in Computer Science, Information Security, or related field

Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor, NIST CSF Practitioner)

Experience:

5+ years of experience in cybersecurity, with a focus on compliance and privacy

Experience in implementing/auditing ISO 27001, NIST CSF, and privacy regulations

Experience in information systems risk evaluation and compliance program implementation