We use cookies. Find out more about it here. By continuing to browse this site you are agreeing to our use of cookies.
I agree and accept cookies
Main menu
Post a Job
Request a Demo
Yes
No
Both
Advanced search
#alert
Back to search results / More jobs like this
Back to search results
New
HH Global jobs

Information Security Audit + Compliance Specialist

HH Global
United States, Illinois, Chicago
203 North La Salle Street (Show on map)
Oct 10, 2024

Purpose of Job

We are seeking a dedicated Information Security Compliance Specialist to join our team. The ideal candidate will assist in planning, organizing, and performing internal audits, developing and maintaining compliance policies, conducting supplier audits, completing client audits/assessments, and managing risk assessments. This role is crucial in ensuring our organization adheres to ISO 27001:2022and SOC 2 Type II standards, as well as various privacy laws.

As an Information Security Audit and Compliance Specialist you will be responsible for supporting management with the overall enhancement and assurance of Information Security. The role includes developing, maintaining , enforcing Information security standards, procedures in line with ISO/IEC 27001:2022standards, SOC 2 Type II principles, and HIPAA compliance. The role will apply industry best practice to fulfil stakeholder requirements; the provision of expert advice to projects within HH Global including evaluating, reviewing, recommending and setting baselines for new security technologies for use within the business.

This role includes a collective oversight of risk management, compliance, assurance and governance including the technical and organizational controls assuring the confidentiality, integrit y and availability of information assets. You will also b e responsible for providing expert guidance and techniques and presenting efficient and pragmatic change recommendations to stakeholders enabling them to own and manage their information security requirements and controls to change or improve their ISMS.

This role will be based remotely in Chicago, IL, with occasional traveling into our Chicago Headquarters.

Key Responsibilities

  • Assist in planning, organizing, and performing ISO 27001:2022 and SOC 2 Type II internal audits.
  • Develop, initiate, maintain , and revise policies and procedures for the Information Security Compliance Program.
  • Conduct supplier audits and manage external audits, identifying risks and action plans, and contribute to the Supplier Risk Management program.
  • Assist with investigations of alleged violations of Information Security policies and procedures.
  • Conduct privacy risk assessments to understand the risk landscape and the mitigation needed to achieve data privacy compliance.
  • Create information security reports using agreed KPIs.
  • Assist with other Information Security and Risk (ISR) administrative responsibilities.
  • Work with Information Security infrastructure owners to implement IT security programs.
  • Manage and maintain Risk Registers and Risk owners.
  • Cultivation of business relationships, review, and interpretation of new sources of information on current and emerging laws, rules, regulations, and industry practice relating to Information Security.
  • Assist in the planning, organizing and performing of ISO 27001:2022 and SOC 2 Type II internal audits.
  • Track and investigate information security incidents.
  • Support the business as a covered entity with the guidance and expertise necessary to ensure HH Global is HIPAA compliant.

Knowledge , Skills + Experience

  • 3+ years of experience in information security audit and compliance.
  • Bachelor's degree or equivalent relevant experience in information security.
  • Fluent in English and able to communicate clearly to stakeholders in other regions and countries regarding audits and risk assessments.
  • Ability to work independently without supervision.
  • Detailed knowledge of ISO 27001:2022 frameworks and SOC 2 Type II principles, associated legislation, and good practice standards with good core knowledge of web and network security plus excellent general information security knowledge.
  • Strong understanding of privacy laws such as CCPA, GDPR, and HIPAA.
  • Experience with supplier audits, external audit management, and risk identification.
  • Knowledge of the OneTrust Privacy platform, particularly Vendor Management and Risk Management modules.
  • Experience with security risk assessment, gap analysis, and management through controls to mitigate identified risks.
  • Experience with incident response processes.
  • Willingness to learn about the latest trends in cybersecurity and keep up to date in a continuously challenging environment.

Your application will be reviewed by a member of our Recruiting Team and we'll reach out to you directly if there's a fit for the position. We're using video conferencing software to conduct many of our interviews, but all interviews will be live with a member of our Recruiting or Hiring teams.

Apply Now

Applied = 0
MORE JOBS LIKE THIS

(web-578ff8464-ntfmf)