
Security Compliance Program Manager
Posted Jun 12

This is a fully remote position, open to applicants in Colombia.
• Assisting in the development, execution, and operationalization of SOC 2, ISO 27001:2022, NIST CSF, and corresponding security procedures for client environments.
• Collaborating with an established long-term consultant to convert audit requirements, security controls, documented procedures, evidence collection processes, user-awareness initiatives, and internal-audit findings into sustainable operational practices.
• Working closely with client leadership, security stakeholders, HR, Finance, Operations, Engineering, Technology, Business Development, Purchasing, and international business units to enhance security maturity and readiness for certification.
• Between 10 and 16 years of professional experience in cybersecurity, information security, IT audit, GRC, risk management, infrastructure security, security engineering, or related fields.
• Practical experience in supporting SOC 2 Type 1 and/or Type 2 audits, encompassing control documentation, evidence collection, auditor interaction, remediation planning, and ongoing control operation.
• Robust understanding of ISO 27001, including the requirements of ISO 27001:2022, Annex A controls, internal audits, risk treatment, documented information, and management-system practices.
• Experience in aligning security programs with frameworks such as NIST CSF, CIS Controls, ISO 31000, ISO 22301, HIPAA, HITRUST, PCI DSS, GDPR, LGPD, or DFARS-related requirements.
• Proven ability to develop and operationalize policies, procedures, standards, control narratives, process documentation, and evidence-management workflows.
• Experience in collaborating with cross-functional business and technology stakeholders to gather audit evidence, promote process adoption, and address control gaps.
• Strong understanding of technical security domains, including: Access Control, Identity and Access Management (IAM), Vulnerability Management, Incident Response, Change Management, Logging and Monitoring, Endpoint Security, Network Security, Cloud Security, and Business Continuity.
• Experience working directly with senior stakeholders and control owners to enhance security maturity and monitor measurable progress.
• Hands-on experience with tools like Jira, Confluence, spreadsheets, dashboards, or GRC platforms to oversee audit readiness, KPIs, findings, and remediation plans.
• Excellent written and verbal communication skills in English.
• Employees have the option to work remotely.