About the job Compliance Officer
Job Summary:
The ISMS Compliance Officer is responsible for maintaining, monitoring, and improving the organization's Information Security Management System (ISMS) in accordance with the ISO/IEC 27001 standard. This role ensures that information security controls are properly implemented, risks are managed, and compliance requirements are met. The position is responsible for the ongoing application and monitoring of ISMS deliverables and objectives, as well as for supporting audits, awareness programs, and continuous improvement of security processes across the business.
Duties and Responsibilities:
ISMS Maintenance and Compliance
- Maintain and update the ISMS documentation, including policies, procedures, risk registers, and control records.
- Coordinate periodic internal audits, management reviews, and corrective action tracking.
- Ensure alignment of the ISMS with ISO/IEC 27001:2022 requirements and other applicable standards or regulations (e.g., GDPR, NIST frameworks, the Data Privacy Act).
- Monitor compliance with security policies and report any non-conformities.
Risk and Control Management
- Support risk assessments, treatment plans, and ongoing monitoring of information security risks.
- Maintain evidence of control implementation and effectiveness.
- Assist in identifying, documenting, and remediating gaps in security controls.
Incident and Change Management
- Support incident reporting, investigation, and root cause analysis.
- Participate in change control reviews to ensure information security is considered in system or process changes.
Awareness and Training
- Conduct or coordinate employee information security awareness sessions.
- Assist with onboarding training for new hires on information security policies and best practices.
Audit and Reporting
- Perform regular compliance audits, address identified gaps, and prepare for internal and external audits.
- Support external ISO 27001 certification, surveillance and recertification audits.
- Prepare periodic ISMS performance reports for management, including KPIs and improvement initiatives.
Qualifications:
Education:
- Bachelor's degree in Information Technology, Computer Science, or a related field.
Experience:
- 2–5 years of experience in information security, compliance, or IT audit roles.
- Experience maintaining or implementing ISO/IEC 27001 or similar management systems preferred.
Certifications (preferred):
- ISO/IEC 27001:2022 Internal Auditor or Lead Implementer
- CompTIA Security+, CISM, or CISSP (a plus)
Skills:
- Good understanding of information security principles, risk management, and IT governance.
- Strong documentation and reporting skills.
- Familiarity with cloud environments (AWS, GCP, or Azure) and data protection practices.
- Excellent communication and coordination skills.
Key Attributes
- Detail-oriented and methodical.
- Able to work independently and collaborate cross-functionally.
- Continuous improvement mindset and proactive in identifying risks or improvements.