Security Compliance Specialist

Aprende Institute is seeking an experienced Security Compliance Specialist with strong project management skills to lead our efforts in analyzing, auditing, and implementing security protocol protections to ensure compliance with industry standards such as SOC 2. This role is pivotal in managing security compliance initiatives, working closely with cross-functional teams to identify security gaps, develop mitigation strategies, and coordinate projects that protect sensitive data and maintain regulatory compliance.

Key Responsibilities:

• Security Audit and Analysis: Conduct thorough audits of existing security protocols, policies, and practices to identify areas of risk and non-compliance with SOC 2 and other relevant security standards. Analyze findings, identify vulnerabilities, and recommend remediation strategies.
• Security Audit Support: Work with internal teams and external auditing partners to support the analysis and assessment of existing security protocols. Facilitate the audit process by coordinating necessary resources, gathering required documentation, and ensuring all audit requirements are met.
• Security Protocol Implementation: Develop and implement security protocols, controls, and procedures to ensure compliance with SOC 2 and other security frameworks. Oversee the rollout of security measures across the organization and ensure ongoing compliance.
• Risk Assessment and Mitigation: Proactively identify potential security risks and vulnerabilities, conduct risk assessments, and work with internal teams to develop mitigation plans. Implement and monitor risk management processes to maintain a strong security posture.
• Project Management: Lead security compliance projects from inception to completion, developing detailed project plans, timelines, and milestones. Manage scope, track progress, address roadblocks, and ensure timely, on-budget delivery. Regularly update leadership on status, risks, and outcomes, while maintaining comprehensive project documentation and ensuring adherence to compliance processes.
• Stakeholder Coordination: Serve as the primary liaison between internal teams (e.g., engineering, IT, legal, and product) and external partners, including security auditors. Coordinate cross-functional efforts to align project objectives with business goals.
• Collaboration with External Auditors: Act as the main point of contact for external auditing partners, coordinating audit activities, providing necessary documentation, and ensuring that all compliance requirements are met in a timely manner.
• Cross-Functional Collaboration: Work closely with engineering, IT, legal, and product teams to understand system architecture, data flows, and potential security risks. Ensure that security practices are integrated into everyday operations and aligned with business objectives.
• Policy Documentation and Reporting: Maintain detailed documentation of security policies, procedures, and compliance efforts. Provide regular reports on compliance status, audit results, risk assessments, and project progress to leadership and key stakeholders.
• Training and Awareness: Support the development and delivery of security training and awareness programs for employees, ensuring that best practices are understood and followed throughout the organization.
• Continuous Improvement: Stay updated on the latest security trends, regulatory requirements, and best practices. Recommend and implement enhancements to improve the organization's security posture and compliance efforts.
• Financial Planning: In coordination with FP&A, develop an overall budget and provide ongoing updates to ensure the initiatives are managed within their allocated resources.

Qualifications:

• Education: Bachelor's degree in Information Technology, Computer Science, Cybersecurity, or a related field.
• Experience:
  • 5+ years of experience in security analysis, compliance, or a similar role, with hands-on experience in security protocols and frameworks such as SOC 2, ISO 27001, or NIST.
  • 2+ years of experience in project management, preferably within a technical or compliance-focused environment. Demonstrated success in managing multiple complex, cross-functional projects from start to finish and meet tight deadlines.
• Skills:
  • Strong knowledge of security principles, practices, and technologies.
  • Excellent project management skills with experience in leading compliance initiatives, including the ability to manage multiple projects simultaneously.
  • Strong analytical skills with the ability to identify security risks and recommend practical solutions.
  • Exceptional communication and interpersonal skills, with the ability to work effectively across diverse teams and present complex information to both technical and non-technical stakeholders.
  • Detail-oriented with a proactive approach to problem-solving.
• Certifications: Security certifications such as CISSP, CISM, or CISA are highly desirable. Project management certification (e.g., PMP, CSM) is a plus.