Risk and Compliance Specialist- Applications

Responsibilities:

1. Develop Ethics Strategies

1. Lead the design, development, implementation, update and enforcement of organization policy and ethics compliance strategies pertaining to applications.
2. Help in the alignment of company’s operation with industry data protection regulation and ethics standard
3. Collaborate with development teams to integrate security best practices from requirements gathering to design, development, and testing.
4. Work closely with DevOps, QA, and Product teams to ensure security is embedded throughout the SDLC.

1. Regulatory Compliance

1. Ensure ISO 27001 compliance for application-related security controls, supporting audits and certification efforts.
2. Evaluate application security risks and align security practices with compliance frameworks such as NIST, CIS, and SOC 2.
3. Monitor and analyze changes in data privacy regulations and assist in adapting the organization’s practices to remain compliant.
4. Help in conducting regular audits and assessments to identify potential compliance gaps and implement corrective actions.
5. Monitor third-party applications, APIs, and dependencies for compliance and security vulnerabilities.
6. Maintain policies and documentation related to application security governance.

1. Risk Management and Mitigation

1. Take part in identification and assessment of IT risks across all business units, including internal and third-party data processing practices with relation to applications.
2. Conduct secure coding reviews, threat modeling, and risk assessments aligned with OWASP Top 10, SANS 25, and other frameworks.

1. Internal Training and Awareness:

1. Develop and deliver training programs to raise awareness of cybersecurity, policies, ethics standards, and compliance requirements across the organization.
2. Participate in security awareness training for development and product teams.
3. Foster awareness of the organization’s ethical standards, ensuring employees understand the importance of cybersecurity awareness in day-to-day operations.

1. Incident Management and Breach Reporting:

1. Take part in responding to cybersecurity incidents, breaches, or violations and also take part in investigations, reporting findings, and implementing corrective actions with relations to applications.
2. Ensure compliance with breach notification requirements, including timely reporting to regulators and affected individuals when necessary.
3. Work with legal and security teams to develop and implement incident response plans specific to data privacy breaches.

1. Contribute to preparation and presentation of regular reports on compliance status, data privacy incidents, and strategic initiatives to senior leadership.
2. Stay informed and up to date

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or a related field.

• 3+ years of experience in risk management, compliance, or application security.
• Knowledge of risk management and developing mitigation strategies.
• Strong knowledge of ISO 27001, NIST 800-53, OWASP, and secure coding standards.
• Experience conducting security assessments, penetration testing, or vulnerability analysis.
• Familiarity with DevSecOps, CI/CD security tools, and cloud security best practices.
• Ability to translate security and compliance requirements into technical and business-friendly language.
• Relevant certifications (preferred): CISSP, CISM, CRISC, ISO 27001 Lead Auditor, or OSCP.

• Result-oriented, team player, fast learner and dynamic
• Working knowledge in information security and data protection
• Excellent analytical and problem-solving skills to evaluate risks and create practical solutions
• Strong communication and interpersonal skills both written and verbal, with the ability to convey complex concepts to non-technical stakeholders.
• Can work with minimum supervision
• Self-starter and highly motivated
• Strong organizational and project management skills with ability to manage multiple compliance initiatives and tasks simultaneously.
• Takes responsibility for timely completion of work
• Passion to acquire and update skills and the ability to learn new tools and techniques quickly