The Security and Compliance Lead is responsible for developing, implementing, and maintaining the company’s security program to ensure compliance with industry standards, regulatory requirements, and best practices. This role involves risk assessment, policy enforcement, incident management, and cross-functional collaboration to enhance the organization’s security posture. The ideal candidate will be a strategic thinker with strong technical expertise and the ability to communicate security concepts effectively across departments and with external stakeholders.

Security Program Management

• Develop, implement, and maintain the organization’s security program, ensuring alignment with industry security frameworks.
• Conduct regular security assessments and audits to identify gaps and recommend improvements.
• Establish and enforce security policies, controls, and best practices to mitigate risks.
• Evaluate and implement security tools to enhance monitoring, detection, and prevention capabilities.

Risk Assessment & Compliance

• Conduct risk assessments for projects involving technological components and provide recommendations for mitigating security risks.
• Ensure compliance with internal security policies and external regulatory requirements.
• Oversee the evaluation of compliance with company security controls, identifying areas for improvement.
• Review and assess security clauses in contracts to ensure alignment with company policies and industry standards.
• Incident Management & Response
• Serve as the escalation point for security incidents, coordinating responses and ensuring adherence to incident management protocols.
• Work closely with the Security team and Service Desk to assess risks associated with incidents and user requests.
• Develop, execute, and improve business continuity and incident response plans through testing and analysis.

Customer & Stakeholder Engagement

• Act as the primary point of contact for customer inquiries related to security practices.
• Respond to customer security assessments and provide technical guidance on security implementations and requirements.
• Coordinate security initiatives with different departments to promote a company-wide security culture.

Governance, Risk, & Compliance (GRC) Management

• Manage Governance, Risk, and Compliance (GRC) tools and oversee security risk assessments using platforms like Black Kite.
• Provide security advisory services for internal and external stakeholders on IT governance, risk, and compliance matters.
• Support security initiatives by identifying key security improvements and driving their implementation.

• Degree in Information Technology or a similar field
• 5+ years in Security or Compliance role
• Proven experience in security, compliance, risk management, or related fields.
• Strong understanding of security frameworks such as NIST, ISO 27001, SOC 2, or similar standards.
• Experience with risk assessment methodologies and incident management processes.
• Familiarity with security tools, GRC platforms, and vulnerability management solutions.
• Ability to evaluate security controls, policies, and contractual security clauses.
• Excellent communication skills, with the ability to interact effectively with technical teams, executives, and customers.
• Strong problem-solving and decision-making skills in high pressure situations