IT Compliance Officer

• Maintain and enhance in existing security controls, risk assessment framework, ensuring documented and sustainable compliance that aligns with SEWA business objectives and applicable regulatory requirements.

• Continuously monitor information security controls, exceptions, risks.

• Schedules regular assessments and testing of effectiveness and efficiency of ISMS controls and existing system policies and creates GRC reports.

• Performs and investigates internal and external information security risk and exceptions assessments.

• Conduct IT System policies reviews, assess security incidents, vulnerability management, scans, patching status, secure baselines, penetration test result, phishing, and social engineering tests and attacks.

• Documents and reports Information Security control failures and gaps. Provides remediation guidance and prepares incident reports to track remediation activities.

• Remains current on IT Governance and Information security risks, technologies and compliance best practices.

• Performs other related duties as assigned.

Requirements

Minimum Qualifications

Min 5 Years of applied work experience in cyber security programs, audits, assessments, risk, remediation, or information security compliance management

Knowledge, Skills, and Abilities Knowledge of:

• Information security governance requirements, compliance principles, practices, laws, rules and regulations.

• SAP Information technology systems and processes, IT network infrastructure, data architecture, data processes, and protocols.

• Cyber and cloud security standard frameworks, architecture, design, operations, controls, technology, solutions, and service orchestration.

• Information systems auditing, monitoring, controlling, and assessment process.

• Incident response management.

• Risk assessment and management methodology.

Skills in:

• Security project study, management, and planning.

• Maintaining confidentiality.

• Troubleshooting and operating a computer and various software packages.

• Defining problems, collecting and analyzing information, establishing facts and drawing valid conclusions

Ability to:

• Effectively communicate technical issues to diverse audiences, both in writing and verbally.

• Apply a risk-based approach to planning, executing, and reporting on audit engagements and auditing process.

• Learn quickly and apply knowledge to new situations and business requirements.

• Handle sensitive and confidential matters, situations, and data.

• Understand and follow broad and complex instructions.

• Interact positively with the management, the staff, the public, and regulatory agencies in order to enhance effectiveness and to promote quality service.

• Work independently and prioritize multiple tasks and adapt to needed changes.

Benefits

• Paid Time Off
• Performance Bonus
• Training & Development