Role Overview

The Compliance Engineer will support the organization’s information security governance, risk management, and compliance initiatives. This role focuses on implementing security policies, conducting risk assessments, managing compliance activities, and ensuring alignment with regulatory frameworks and industry standards.

Key Responsibilities

Governance & Policy Management

• Assist in the development, review, and maintenance of security policies, procedures, and standards.
• Ensure policies align with frameworks such as ISO 27001 and regulatory requirements.
• Manage policy lifecycle and track periodic reviews.

Risk Management

• Conduct risk assessments for systems and Infrastructure.
• Maintain and update the risk register, ensuring accurate documentation of risks, mitigations, and status.
• Track corrective actions and support remediation efforts with relevant stakeholders.

Compliance & Audit Support

• Support internal and external audits (ITGC & ISO 27001 etc.)
• Maintain evidence repositories and prepare required documentation for audits.
• Monitor compliance with organizational security controls and regulatory requirements.

Control Implementation & Monitoring

• Assist in implementing security controls across IT.
• Perform periodic control testing and maturity assessments.

Security Awareness & Reporting

• Support security awareness programs, campaigns, and employee training initiatives.
• Generate GRC dashboards and reports for management (risk status, audit results, compliance score, etc.).

Skills & Knowledge

• Strong understanding of information security principles and GRC concepts.
• Familiarity with frameworks of ISO 27001
• Good documentation, reporting, and analytical skills.

Experience

• 2–4 years of experience in GRC, Information Security, Risk Management, or Compliance roles.
• Experience supporting audits, conducting risk assessments, and maintaining compliance evidence.