Information Security Compliance and Risk Specialist (QB-SCR-20250718)

What you’ll do here

• As a key contributor to our security and compliance initiatives, you will apply a deep understanding of risk management principles and a strong command of global privacy regulations.
You’ll bring hands-on experience in designing, implementing, and auditing comprehensive compliance programs aligned with leading industry standards, including PCI DSS, SOC 2, ISO 27001/27002, and the NIST Cybersecurity Framework.
In this role, you will work cross-functionally with internal stakeholders to enhance the organization’s security posture, ensure adherence to data protection requirements, and drive ongoing improvements in response to evolving regulatory and industry demands.

Responsibilities

• Support the development, implementation, and enforcement of information security policies, standards, procedures, and controls to meet legal, regulatory, and contractual obligations.
• Assist in evaluating the organization’s existing IT architecture against applicable security frameworks (e.g., NIST CSF, NIST 800-53) to ensure compliance and identify areas for enhancement.
• Oversee and support the implementation of compliance controls and operational processes aligned with recognized security frameworks and best practices.
• Plan and execute regular internal audits to ensure ongoing compliance with key security standards such as PCI DSS, SOC 2, and ISO/IEC 27001.
• Enhance and maintain a comprehensive Risk Management and Incident Response framework to ensure effective identification, mitigation, and response to security threats.
• Conduct audits and assessments to validate adherence to data protection policies and ensure alignment with global privacy and data protection regulations.
• Design and deliver privacy and security training programs, including awareness campaigns to foster a security-conscious culture across the organization.
• Monitor regulatory developments and maintain compliance with evolving privacy laws, including but not limited to CCPA, GDPR, PIPEDA (Canada), and LFPDPPP (Mexico).

Experience We’re Looking For

• Bachelor's degree in Information Security, Computer Science, or a related field.
• Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations.
• Knowledge in privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP).
• Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO-27001/2, and Cloud Security Alliance.
• Strong attention to detail and the ability to work independently.
• Excellent problem-solving skills with a proactive attitude toward risk mitigation.
• ​​Strong ethical standards and commitment to data security and privacy.

Nice to have

• General knowledge of cloud environments.
• Experience working with Governance Risk and Compliance technologies.
• Experience implementing Data Privacy Technologies.
• Certifications such as CISA, ITIL Expert, Certified Governance Risk and Compliance (CGRC)