Our client is a global leader in Testing, Inspection and Certification (TIC), delivering high quality services to help clients meet the growing challenges of quality, safety, environmental protection, and social responsibility.
We are hiring a Compliance And Privacy Specialist to join the global security team.
To support the Cybersecurity GRC Manager in implementing and maintaining the organization's cybersecurity strategy, with a focus on compliance, privacy, and risk management aligned with NIST CSF, ISO 27001, and privacy regulations.
Key Responsibilities: 1.
Compliance and Privacy Management: Manage internal compliance frameworks for Privacy and NIST CSF Translate security policies into actionable plans for users, project teams, and businesses Support implementation and maintenance of ISO 27001 certification Ensure compliance with privacy regulations (GDPR, LGPD, CPRA, etc.)
2.
Risk Assessment and Management: Perform risk analyses for internal projects and new business applications Conduct cloud risk analyses and provide security recommendations Support the Cybersecurity GRC Manager in maintaining the organization's risk register 3.
Audit and Assessment: Participate in the internal audit program, focusing on privacy and NIST CSF compliance Improve audit methodologies and manage audit schedules Perform privacy audits and NIST CSF assessments 4.
Security by Design: Implement and manage the "security by design" framework Advise project teams on security measures from project initiation to go-live Provide guidance on secure application development 5.
Stakeholder Management: Act as a point of contact for business teams on cybersecurity topics Manage and respond to clients' security questionnaires Conduct security maturity reviews and provide recommendations 6.
Continuous Improvement: Stay updated on the latest developments in information security standards and ecosystem Contribute to the development of an ISS knowledge base within the organization Support the implementation of security programs (e.g., data classification, DLP) Education : Master's degree in Computer Science, Information Security, or related field Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor, NIST CSF Practitioner) Experience : 5+ years of experience in cybersecurity, with a focus on compliance and privacy Experience in implementing/auditing ISO 27001, NIST CSF, and privacy regulations Experience in information systems risk evaluation and compliance program implementation