IT Compliance Specialist (SOC 2 implementation)

Job Description

Good understanding of the structure and requirements of the SOC 2 framework. Familiarity with the five Trust Service Criteria. Knowledge of fundamental information security principles, including CIA triad. Understanding of security controls and their application to protect information assets. Ability to identify, assess, and mitigate risks related to information security and compliance. Understanding of risk assessment methodologies and risk treatment strategies. Familiarity with audit procedures and practices, particularly related to SOC 2 audits. Experience in preparing for and undergoing SOC 2 audits, including documentation and evidence gathering. Knowledge of data privacy laws and regulations applicable to the organization's operations. Understanding of best practices for ensuring data confidentiality and privacy controls. Proficiency in implementing and managing security controls aligned with SOC 2 requirements. Knowledge of industry standards and best practices such as ISO 27001, NIST Cybersecurity Framework, and CIS Controls. Ability to develop and implement incident response plans to address security breaches or incidents. Experience in managing incident response processes in accordance with SOC 2 requirements. Skill in documenting policies, procedures, and controls to demonstrate compliance with SOC 2 requirements. Ability to prepare comprehensive reports and documentation for SOC 2 audits. Understanding of continuous monitoring practices to ensure ongoing compliance with SOC 2 requirements. Experience in implementing improvements based on audit findings and evolving security threats. Ability to collaborate effectively with various teams, including IT, legal, compliance, and management. Skill in communicating SOC 2 requirements and findings to non-technical stakeholders. Experience in conducting training and awareness programs to educate employees about SOC 2 requirements and information security best practices. Commitment to maintaining ethical standards and professionalism during SOC 2 compliance activities and audits. Graduation/ post-graduation in Computer science/ IT is mandatory CISA/ CISM certification is preferred