Просмотр вакансии

Nauchsoft is an international IT consulting and software development company. We have been in the IT business for 36 years and continue growing.

We are looking for a Middle/Senior Compliance Officer. This role is prospective and has been created in line with the company’s planned team expansion.

Principal Duties and Responsibilities:

• Developing a strategic approach to security policies, and compliance requirements balanced with corporate strategic goals across the enterprise.
• Implementing and maintaining a risk register and assisting the organization in defining risk tolerance.
• Planning and leading the GAP assessment and future alignment with NIST CSF, SOC2, or other relevant frameworks.
• Serve as a lead responder to customer and vendor questionnaires.
• Develop and implement TPRM (Third-Party Risk Management) program.
• Develop vendor management and dependency management program (SBOM, etc.)
• Implement and improve cybersecurity program reporting dashboards and provide execute reporting upon request.
• Support regulatory compliance with relevant industry standards.
• Ensuring identity management systems implement and enforce access controls and frameworks such as Role Based Access Control (RBAC) and least privilege.
• Building a strong, collaborative partnership with Technology, Legal, Product, HR, and Finance teams.
• Evangelizing operational security risk programs across the company.
• Assisting in the development of a multiyear risk management program roadmap.

Qualifications and Key Skills:

• Minimum 7 years of relevant hands-on IT experience.
• Minimum of 5 years of audit, assessment, and framework implementation experience.
• Experience with previously performed audit with third-party attestation.
• Thorough knowledge and understanding of Cybersecurity Frameworks, like NIST, SOC2, ISO270001 and risk management strategies.
• Ability to develop multiyear roadmaps and detailed project plans.
• Hold at least one security or governance certification, or ability to obtain in first year like CISM, CRISC, CGEIT, CISA, GRCP, GRCA, etc.
• English intermediate and higher.

We offer:

• Opportunity for professional self-realization and growth;
• Friendly team;
• 25-days of paid vacation;
• Medical insurance and 100% payment for sick leave;
• Professional training and obtaining certificates at the company's expense;
• Foreign language courses and other corporate programs;
• A variety of corporate events;
• Bonuses in case of wedding or a child’s birth;
• The possibility of remote work from any location.