Job Title

Cyber Security Compliance Specialist

South Africa, Gauteng
R45000 - R50000 Per Month
Area: South Africa, Gauteng
Sector: Banking
Posted: 5 November 2025

Job Details

Overall Purpose of the Role:

We are seeking an experienced Cyber Compliance Specialist to join our team and strengthen our cybersecurity compliance posture. This role will be responsible for conducting technology audits, managing compliance assessments, user access reviews, audit finding resolution and ongoing management, and ensuring adherence to industry standards and regulatory requirements. The successful candidate will play a critical role in maintaining our compliance with security frameworks, policies and standards, and in managing third-party risk relationships.

Experience and Skills Required:

Education and Experience

• Bachelor’s degree in Information Technology, Cybersecurity, Computer Science, or related field
• Minimum 3-5 years of experience in cybersecurity compliance or audit roles
• Demonstrated experience with PCI DSS assessments and implementations
• Proven track record in ISO 27001 compliance and certification processes
• AI and Data Analytics proficiency

Technical Skills
• Strong understanding of cybersecurity frameworks (NIST, ISO 27001, PCI DSS)
• Experience with compliance assessment tools and methodologies
• Knowledge of network security, system administration, and security controls
• Familiarity with risk management principles and practices
• Understanding of regulatory requirements (GDPR, POPIA, etc.)
• Strong understanding and experience with AI technologies and prompting

Professional Certifications (Preferred)

• Certified Information Systems Auditor (CISA)
• Certified Information Security Manager (CISM)
• ISO 27001 Lead Auditor or Lead Implementer
• Certified Information Systems Security Professional (CISSP)

Core Competencies

• Excellent analytical and problem-solving skills
• Strong written and verbal communication abilities
• Attention to detail and ability to work with complex compliance requirements
• Project management skills and ability to manage multiple initiatives
• Collaborative approach and ability to work with cross-functional teams
• Ability to translate technical concepts for non-technical stakeholders

Responsibilities:

1. Technology and Cyber Audit

• Conduct comprehensive technology and cybersecurity reviews across the organization
• Evaluate existing security controls and identify gaps in compliance
• Perform risk assessments on IT systems, applications, and infrastructure
• Review and validate security configurations and implementations
• Collaborate with technical teams to remediate identified vulnerabilities and compliance issues

2. Cyber Self-Assessments

• Design and implement self-assessment frameworks for ongoing compliance monitoring
• Develop assessment questionnaires and evaluation criteria
• Coordinate with various departments to complete regular self-assessments
• Analyze assessment results and provide actionable recommendations
• Track remediation efforts and maintain compliance metrics (Key Indicators)
• User access reviews
• Cyber game day preparation and execution

3. PCI Assessment and ISO 27001 Compliance

• Lead PCI DSS compliance initiatives and manage assessment processes
• Conduct gap analyses against PCI DSS 4.0 requirements
• Coordinate with external assessors and QSAs for validation activities
• Ensure continuous compliance with ISO 27001 standards and prepare for certification audits
• Stay current with evolving PCI, NIST, OWASP, ISO standards and other key security framework requirements relevant to the organization

4. Cyber Third Party Risk Management

• Develop and maintain third-party risk assessment programs
• Evaluate vendor security postures and compliance status
• Conduct security reviews of supplier contracts and service agreements
• Monitor ongoing third-party risk and manage vendor compliance requirements
• Coordinate security assessments and due diligence for new vendors

5. Policy and Standard Compliance

• Develop, review, and update cybersecurity policies and procedures
• Ensure policies align with industry standards and regulatory requirements
• Monitor compliance with internal security policies across the organization
• Provide guidance and training on policy requirements to staff
• Maintain policy documentation and version control

6. Report Writing and Communication

• Prepare comprehensive compliance reports for management and stakeholders
• Document audit findings, risk assessments, and remediation recommendations
• Create executive summaries and technical reports tailored to different audiences
• Present compliance status and risk metrics to senior leadership
• Maintain compliance documentation and evidence repositories