Compliance&GovernanceSpecialist

## Accountabilities Own and evolve enterprise security and compliance programs, including SOC 2 Type II, ISO 27001, ISO 42001, and related governance frameworks. Lead end-to-end audit readiness activities, including gap assessments, control mapping, auditor coordination, evidence collection, and remediation tracking. Translate regulatory and framework requirements into practical, scalable controls that can be implemented across engineering and product teams. Drive automation of compliance evidence collection and support continuous audit readiness in collaboration with engineering teams. Maintain ISMS and AIMS governance structures, including policy lifecycle management, scope definition, and control documentation. Oversee internal audits, CAPA management, and ongoing certification maintenance while evaluating control effectiveness. Collaborate cross-functionally with engineering, security, legal, and AI teams to embed compliance into SDLC and operational processes. Manage vendor and third-party risk assessments, including due diligence, contractual alignment, and residual risk evaluation. Produce compliance dashboards, KPIs, and executive reporting to support leadership decision-making and risk visibility. Requirements: 5+ years of experience in information security, compliance, audit, or risk management, with strong hands-on SOC 2 Type II exposure. Deep understanding of SOC 2 Trust Services Criteria and audit execution practices. Experience working with ISO 27001 frameworks, ISMS operation, CAPA management, and certification maintenance. Ability to assess control design and operational effectiveness, identify gaps, and drive remediation across teams without direct authority. Strong communication skills with experience producing audit documentation, risk reports, and compliance dashboards. Familiarity with cloud environments (especially Azure) and how infrastructure decisions impact compliance controls. Nice to have: exposure to ISO 42001, AI/ML governance, responsi