IT Risk & Compliance Specialist

Experteer Overview

You will drive gap analyses, remediation, and continuous improvement across governance, risk, and policy management. This position offers visibility to executive leadership and a chance to mature a global ISMS for a leading AI-driven data analytics company.

• Monitor ISMS compliance with ISO 27001:2022 and SOC 2 Type II, and report security KPIs to governance bodies
• Prepare compliance materials for management reviews and committee presentations
• Oversee internal and external ISMS audits and coordinate remediation of findings
• Lead gap assessments for ISO 27001 and SOC 2 using the GRC platform
• Support SOC 2 Type II audit cycles and ISO 27001 certification continuity (including ISMS 2027)
• Collaborate on information security risk management, maintain risk registers, and manage risk acceptance workflows
• Conduct security due diligence for vendors and oversee annual re-screening
• Assess EU AI Act applicability for vendor AI services and collaborate on Tu0026C and privacy policy assessments
• Manage ISMS policy lifecycle, documentation accuracy, version control, and Confluence-based framework
• Respond to client DDQs within SLAs and manage compliance-related service requests
• Produce bi-annual DDQ analysis highlighting themes and improvement areas
• Develop and deliver security awareness training with external providers

• 5+ years in IT compliance, information security governance, or GRC
• Deep knowledge of ISO 27001:2022 and SOC 2 with hands-on audit/certification experience
• Experience with GRC platforms (Vanta a strong plus)
• Strong risk management knowledge (ISO 27005, Magerit or equivalent)
• Familiarity with GDPR and EU AI Act in data-driven products and AI services
• Vendor security due diligence and third-party risk assessment experience
• Strong documentation and policy-writing skills for the ISMS
• Excellent English communication; Spanish a plus

•