The IT Compliance Specialist is primarily responsible for developing, implementing, and maintaining a sustainable Compliance Assurance Plan for PCI DSS, ISO 27001 and SOC 2 Type II, thereby improving the management of information security risks in Aspire Lifestyles and International SOS. This position leads cross-functional IT security compliance across IT Applications, IT Systems, IT Networks, IT Security, Human Resources, and Physical Security by coordinating with experts assigned from IT and HR functions. The position maintains the PCI DSS Compliance Dashboard across all locations by establishing the daily/weekly/monthly PCI DSS, ISO 27001 and SOC 2 Type II compliance checks in the existing environment.

Primary Responsibilities:
- Support all aspects of client assurance (questionnaires, agreements and audits).
- Lead the SOC 2 Type II assessment program for the organization (Aspire Lifestyles and International SOS), on time and without failure.
- Perform PCI DSS internal and external audit and compliance reviews.
- Assist compliance officers/managers in preparing evidence, questionnaires and presentations for security audits (remote and onsite) and ensure timely and successful closure of assessments.
- Support the activities and timely submission of evidence in preparation for internal and external audits (remote and onsite) for PCI DSS, SOC 2 Type II, ISO 27001 and other related audits.
- Perform reviews, coordinate, track, follow up and collect evidence from multiple team members in Technology teams (application, systems, network, security, local IT) and relevant business and operations teams to support PCI DSS compliance.
- Lead IT compliance discussions with technology and operations teams and customer security points of contact, and support sales, BDMs and the commercial desk, as needed.
- Prepare and maintain reports, dashboards, evidence folders, presentations and trackers on PCI DSS, SOC 2 Type II and other compliance activities.
- Highlight and report deviations in the activities or high-risk audit areas.
- Any other delegated tasks reasonably considered to be within the scope of the post and as agreed with managers.

Required Work Experience
- Minimum 2 to 4 years of process compliance and risk management experience with a broad range of exposure to all aspects of IT compliance planning, audit methodologies, risk management methodologies, and contract reviews.
- Preferably with an understanding of information security risk management, governance, compliance and audits in different regions and business units, and achieve maturity over the next 2 years.
- Knowledge of at least one of the industry standards and best practices such as SOC 2 Type II, ISO/IEC 27001 Certification and PCI DSS.
- Good exposure to and knowledge of IT security technologies and best practices.
- Excellent business communication skills.
- Ability to work in a multicultural and multi-geographical environment.
- Ability to work autonomously or as part of a team, within targets and deadlines.

Required Soft Skills (Critical soft skills necessary to successfully perform the job)
- Excellent documentation, report writing and presentation skills.
- Excellent coordination skills with high-level stakeholders and technical-level experts.

Required Qualifications (Brief description of the educational background needed to perform the job)
- Degree/Master's Degree in information security, information technology or a related discipline.
- Other qualifications include at least one certification from ISO 27001 Lead Auditor, CISA, PCI certifications.