Job Description

We are seeking a highly skilled and detail-oriented IT Compliance and Security Manager to oversee and enhance our organization s security and compliance programs. This individual will play a pivotal role in managing our Microsoft security ecosystem, ensuring compliance with SOX and IT General Controls (ITGC) requirements, and leading our efforts to achieve ISO 27001 certification. The role also involves managing and optimizing Microsoft Defender tools and implementing Sentinel to strengthen our cybersecurity posture. You must have proven experience and working knowledge with Microsoft Defender suite of security products. Key Responsibilities: Microsoft Security Administration: Manage and optimize the Microsoft Defender suite, including Defender for Endpoint, Identity, Office, and Cloud Apps. Implement, configure, and manage Microsoft Sentinel for advanced threat detection and incident response. Monitor and respond to security alerts and incidents, ensuring timely resolution and documentation. SOX and ITGC Compliance: Conduct IT General Controls (ITGC) testing and ensure SOX audit requirements are met. Collaborate with internal and external auditors during audits to provide necessary evidence and address findings. Develop and maintain documentation for IT controls, processes, and compliance activities. ISO 27001 Certification: Lead the planning and execution of activities required for achieving ISO 27001 certification. Develop and implement information security policies and procedures to align with ISO 27001 standards. Coordinate with cross-functional teams to address gaps and ensure compliance with certification requirements. Risk and Compliance Management: Identify, assess, and mitigate IT security risks across the organization. Ensure ongoing compliance with regulatory requirements and internal policies. Monitor and report on the effectiveness of security controls and compliance programs. Collaboration and Training: Partner with IT, Legal, Finance, and other teams to align compliance and security efforts. Conduct training sessions to raise awareness of IT security and compliance policies among employees. Serve as the primary point of contact for compliance and security-related inquiries. Qualifications: Bachelor s degree in Information Technology, Cybersecurity, or a related field (or equivalent experience). 5+ years of experience in IT security, compliance, or related roles. Hands-on experience with Microsoft Defender tools and Microsoft Sentinel. In-depth knowledge of SOX, ITGC, and ISO 27001 frameworks. Strong understanding of cybersecurity principles and risk management. Excellent communication skills and the ability to work collaboratively across teams. Relevant certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or Microsoft Security certifications are a plus.