Information Security Compliance Specialist
Job Summary
The Information Security Compliance Specialist is responsible for identifying risks and ensuring the organization remains compliant with industry standards, relevant laws, and regulations. This role is instrumental in maintaining ISO 27001 and ISO 27701 certifications, as well as achieving and sustaining compliance with NIST 800-171.
Essential Functions
Own and maintain ongoing compliance with ISO 27001, ISO 27701, GDPR, and NIST 800-171 requirements
Prepare for, coordinate, and support internal and external security audits, including evidence collection and remediation tracking
Conduct risk assessments, identify compliance gaps, and recommend corrective actions
Develop, implement, and continuously improve information security policies, procedures, and controls
Maintain audit artifacts, compliance documentation, and records to support certifications and assessments
Partner closely with IT, Security, and cross-functional teams to align compliance initiatives with security operations
Act as the primary liaison with auditors, regulators, and third-party assessors
Support incident response activities by ensuring proper compliance documentation and reporting
Deliver training and guidance to employees on security policies and best practices
Required Knowledge, Skills, Abilities
Strong working knowledge of ISO 27001, ISO 27701, and NIST 800-171 compliance frameworks
Solid understanding of cybersecurity frameworks, regulatory standards, and industry best practices
Proven ability to author and maintain security policies, procedures, and documentation
Strong analytical skills with the ability to translate compliance requirements into actionable remediation plans
Excellent organizational and project management skills to track multiple compliance initiatives
Clear, effective communication skills for training and cross-functional collaboration
Required Education, Certifications/Licenses, Related Experience
Bachelor’s degree in Information Security, Cybersecurity, Compliance, or a related field (or equivalent experience)
3+ years of experience in information security compliance, risk management, audit, or a related role
Hands-on experience with ISO 27001, ISO 27701, NIST 800-171, and GDPR
Relevant certifications preferred: CISA, CISM, CISSP, ISO 27001
In lieu of a degree, 8+ years of relevant experience will be considered
Physical Job Requirements
Ability to work in an office environment with extended periods of desk work
Occasional lifting of equipment or documentation materials
Availability to respond to compliance-related matters outside normal business hours when needed
Travel Requirements
Occasional travel for training, conferences, or collaboration with remote teams
Travel may include car, air, or train