Information Security and Compliance Lead
An Information Security and Compliance Lead role is a critical position within an organization responsible for ensuring that the company’s data and systems are secure and in compliance with relevant laws, regulations, and standards. This role often encompasses a wide range of responsibilities including overseeing vulnerability assessment and penetration testing (VAPT), guiding security policy development, and leading compliance initiatives. Below is an example job description for an Information Security and Compliance Lead role that includes responsibilities related to VAPT scanning.

As the Information Security and Compliance Lead, you will play a pivotal role in designing, implementing, and maintaining the organization’s information security and compliance programs. You will lead efforts related to vulnerability assessment and penetration testing (VAPT), risk management, policy development, and compliance monitoring. You will collaborate with various departments to ensure that security practices and policies are understood and followed.
Key Responsibilities
- Vulnerability Assessment and Penetration Testing (VAPT):
  - Lead and oversee regular VAPT scans across the organization’s systems and networks.
  - Analyze scan results and work with technical teams to remediate vulnerabilities.
  - Develop and implement strategies to mitigate identified risks.
  - Collaborate with vendors and third-party service providers to ensure VAPT activities are conducted according to industry standards.
- Information Security and Risk Management:
  - Develop, implement, and manage the organization’s information security policies and procedures.
  - Conduct risk assessments and provide recommendations to address identified risks.
  - Monitor and respond to security incidents, ensuring timely resolution and documentation.
- Compliance Management:
  - Oversee and manage the organization’s compliance with applicable laws, regulations, and industry standards (e.g., GDPR, HIPAA, ISO 27001).
  - Conduct regular internal audits to ensure adherence to compliance requirements.
  - Facilitate external audits and work with auditors to provide necessary documentation and evidence.
- Security Awareness and Training:
  - Develop and conduct security awareness training for employees at all levels.
  - Promote a culture of security within the organization through education and awareness programs.
- Collaboration and Communication:
  - Work closely with IT, legal, and other departments to ensure security and compliance requirements are integrated across all business processes.
  - Communicate security and compliance risks and recommendations to executive leadership and other stakeholders.
- Reporting and Documentation:
  - Prepare and present reports on security and compliance metrics to executive leadership.
  - Maintain comprehensive records and documentation related to security incidents, compliance activities, and audits.
Minimum Requirements
- Bachelor’s Degree in Computer Science, Information Security, or a related field. A Master’s Degree is a plus.
- Relevant certifications such as CISSP, CISM, CISA, CEH, or equivalent are preferred.
- Proven experience in VAPT scanning and managing security and compliance programs.
- Strong understanding of security frameworks and standards such as ISO 27001, NIST, and others.
- Knowledge of applicable laws and regulations (e.g., GDPR, HIPAA, PCI DSS).
- Excellent problem-solving, analytical, and decision-making skills.
- Strong communication and interpersonal skills.
Disclaimer
Mercans collects and processes personal data in accordance with applicable data protection laws. If you are a European Job Applicant see the privacy notice for further details. Mercans does not discriminate on the basis of race, sex, color, religion, age, national origin, marital status, disability, veteran status, genetic information, sexual orientation, gender identity or any other reason prohibited by law in provision of employment opportunities and benefits.