Our client is a global leader in Testing, Inspection and Certification (TIC), delivering high quality services to help clients meet the growing challenges of quality, safety, environmental protection, and social responsibility.We are hiring a Compliance And Privacy Specialist to join the global security team.To support the Cybersecurity GRC Manager in implementing and maintaining the organization's cybersecurity strategy, with a focus on compliance, privacy, and risk management aligned with NIST CSF, ISO 27001, and privacy regulations.Key Responsibilities:1.
Compliance and Privacy Management:Manage internal compliance frameworks for Privacy and NIST CSFTranslate security policies into actionable plans for users, project teams, and businessesSupport implementation and maintenance of ISO 27001 certificationEnsure compliance with privacy regulations (GDPR, LGPD, CPRA, etc.)2.
Risk Assessment and Management:Perform risk analyses for internal projects and new business applicationsConduct cloud risk analyses and provide security recommendationsSupport the Cybersecurity GRC Manager in maintaining the organization's risk register3.
Audit and Assessment:Participate in the internal audit program, focusing on privacy and NIST CSF complianceImprove audit methodologies and manage audit schedulesPerform privacy audits and NIST CSF assessments4.
Security by Design:Implement and manage the "security by design" frameworkAdvise project teams on security measures from project initiation to go-liveProvide guidance on secure application development5.
Stakeholder Management:Act as a point of contact for business teams on cybersecurity topicsManage and respond to clients' security questionnairesConduct security maturity reviews and provide recommendations6.
Continuous Improvement:Stay updated on the latest developments in information security standards and ecosystemContribute to the development of an ISS knowledge base within the organizationSupport the implementation of security programs (e.g., data classification, DLP)Education:Master's degree in Computer Science, Information Security, or related fieldRelevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Auditor, NIST CSF Practitioner)Experience:5+ years of experience in cybersecurity, with a focus on compliance and privacyExperience in implementing/auditing ISO 27001, NIST CSF, and privacy regulationsExperience in information systems risk evaluation and compliance program implementation