Product Security Compliance Assessor (IT Auditor)

Job Title: Product Security Compliance Assessor (IT Auditor)

Location: 100% Remote

Job Description:

o Help to interpret the relevant, applicable government regulations.

o Work with different teams including Legal, Cybersecurity, Finance, IT Operations, R&D, Products, and other stakeholder teams to coordinate control requirements, reporting and mapping to policy, regulation, and best practice.

o Work with stakeholders to build plan of actions and milestones, track progress against gaps, and communicate changes or risks to plans in a timely manner.

o Identify, document, and report control deficiencies and associated recommendations for improvements.

o Develop and communicate reports to describe regulatory risks and associated remediation actions.

o Understand current information security regulatory applicability and monitor for upcoming regulatory changes and revisions.

o Support the alignment of the policies and standards to both regulations and best practices.

o Review and challenge to support compliance with policies, standards, and regulations.

o Evaluate, operate, and maintain tools or artifacts to capture and publish regulatory assessment results.

o PM, Design, and implement compliance solutions to stabilize and operationalize responsible program(s).

Requirements:

• Bachelor’s degree in computer science, Information Security, or a related field.

• Strong communicator to present to all levels.

• Experience in interpreting regulatory requirements and policies.

• Experience in conducting compliance and gap assessments and designing metrics.

• IT audit experience required

• Knowledge of NIS800-218/Secure Software Development Framework, EU NIS 2 Directives, and Cybersecurity Resilient Act. Understand what the regulation is

• Experience in applying security best practices within an SDLC framework.

• Familiarity with various SDLC methodologies (e.g., Agile, Waterfall).

• Experience with security automation tools for SDLC.

• Ability to prioritize tasks, manage deadlines, and work independently.

• Ability to independently run in a fast-paced environment and proactively identify and bridge knowledge gaps.

• Candidates with 5+ years of relevant experience preferred with the above requirements.

• CIA/CISA/CRISC, or CISM preferred.