nWith our headquarters in Boston, MA, we are growing and expanding our teams located in different countries

**!

What will you d**

o?Compliance & Governan

• ceDevelop, implement, and maintain comprehensive information security policies, standards, and procedures aligned with the ISO 27001 framewo
• rkLead, manage, and mature the organization's Information Security Management System including risk treatment, internal audits, and readiness for external certification audit
• s.Serve as the subject matter expert (SME) for Security and Privacy Rules, ensuring compliance for all systems, processes, and applications handling PII and Protected Health Information (PHI
• ).Conduct continuous monitoring and evidence collection to demonstrate compliance with relevant framework
• s.Plan, conduct and manage internal and supplier audi
• tsPlan GRC activities, prioritise and implement them in timebound manne
• r.Perform detailed security risk assessments and gap analyses on new and existing systems, with a focus on cloud infrastructu
• reCollaborate with Product, Technology, IT and Security teams to implement security controls into cloud / infra / environments, ensuring compliance. Provide technical guidance to them on implementing controls and best practices, specifically related to cloud security architecture and configuration
• s.Review risk mitigations periodically and track remediation efforts to closur
• e.Conduct third-party vendor risk assessments, focusing on their adherence to required compliance standard
• s.Develop and deliver targeted security awareness and training programs focused on HIPAA and ISO 27001 requirements for all staff, including technical team
• s.Evaluate and recommend new security technologies and processes to enhance the compliance and risk postur
• e.Stay current on emerging cloud security threats, regulatory changes, and updates to the ISO 27001 family of standards and HIPA

**A.

Requireme**

ntsWhat do you bring to the tab

le?· Experien

• ce:Minimum of 8+ years of progressive experience in Information Security GRC, with a focus on risk management, compliance, and governan
• ce.Proven, hands-on experience driving and maintaining ISO 27001 certification progra
• ms.Deep practical knowledge and experience of implementing security controls ensuring compliance in a technical, cloud-centric environme
• nt.Strong technical competency in Cloud Security (AWS, Azure, or GCP) and related cloud-native security servic
• es.Education: Bachelor's degree in IT, Computer Science or related fie
• ld.Certifications (One or more highly preferre
• d):CISSP (Certified Information Systems Security Profession
• al)CISA (Certified Information Systems Audit
• or)ISO 27001 Lead Implementer/Audi
• torCCSK (Certificate of Cloud Security Knowledge) or equivalent Cloud-specific security certification (e.g., AWS Certified Security, Azure Security Enginee

r).

Soft Sk

• illsProficiency in written and verbal communication skills with the ability to translate complex security and compliance requirements / controls into clear action
• ableStrong project management and organizational skills to handle multiple, simultaneous audit and compliance initiati
• ves.A collaborative and proactive mindset, with the ability to influence and lead cross-functional teams without direct author

ity.Bene

• fitsFlexible Work & Time Off - Embrace hybrid work models and enjoy the freedom of unlimited paid time off to support work-life bala
• nce.Health & Well-being - Access comprehensive group medical and life insurance coverage, along with a 24/7 Employee Assistance Program (EAP) for mental health and wellness supp
• ort.Growth & Learning - Fuel your professional journey with continuous learning and development programs designed to help you upskill and g
• row.Recognition & Rewards - Get recognized for your contributions through structured reward programs and campai
• gns.Engaging & Fun Work Culture - Experience a vibrant workplace with team events, celebrations, and engaging activities that make every workday enjoya
• ble.& Many Mor

e...