Compliance Officer (Cybersecurity) | WFH

COMPLIANCE OFFICER (Cybersecurity)

This position ensures our company adheres to data security, quality, reporting and in-house policies. You will be responsible for enforcing regulations in all aspects and levels of business. The role requires high ethical standards and to complete your duties keeping in mind the objectives of the business. You must be comfortable saying “no” when necessary and be result-oriented.

The goal is to preserve the company’s integrity by making sure it stays on a lawful and ethical course.

RESPONSIBILITIES:

• Review policies, processes and systems to meet and maintain the companys ISO 27001, ISO 9001 and PCI DSS Level 1 certifications.
• Establish and maintain policies and procedures to provide risk management and fraud prevention/control.
• Develop and oversee control systems to prevent or deal with violations of guidelines and internal policies.
• Review the work of colleagues when necessary to identify compliance issues and provide advice or training.
• Perform internal audits as well as evolving best practices in compliance control.
• Monitor network and systems for security breaches and investigate incidents.
• Perform security risk assessments and vulnerability analyses.
• Manage and maintain security software and hardware.
• Stay up-to-date with the latest security trends and threats.
• Provide security training and education to employees.
• Respond to security incidents and facilitate incident response procedures.
• Create and manage cyber security related policies and procedures.
• Exposure and greater understanding of the GDPR, PCI DSS, Australian Privacy Laws (APPs) including OAIC & NDB, and ISO 27001 protocols and assessment processes.
• Regular review of artefacts for various security related processes (managed mostly in Jira) for correctness and effectiveness in security incidents, change management, risk management, access control.
• Managing the security related Jira work queues to ensure work is completed and managed appropriately.
• Review all policies at least once a year.
• Provide risk assessments, security advice and guidance to the appropriate teams.
• Analyse high volumes of logs, network data and other attack artifacts on a periodic basis
• Assist with User Testing (Security related) as required.
• Keep up to date with security techniques and compliance issues.
• Understanding of vulnerability assessment products, and experience in advising on vulnerability resolution and mitigation
• Understanding of Risk and Governance, Cyber Security Incident Management, Audit and Compliance, Policy, Cloud technologies and Application Security

Performance Goals

• Maintenance of compliance certifications
• Establishing controls to measure and improve performance.
• Risk analysis and review
• Establishing and managing external compliance and security entities to consult and review procedures and systems.

REQUIREMENTS:

• Bachelors degree in Computer Science, Cybersecurity, or related field
• Minimum of 3 years of experience in a cyber security role
• Strong understanding of security protocols and technologies
• Experience with, or exposure to, security tools such as XDR/MDR/Antivirus, Vulnerability Management (e.g. Tenable, Spotlight).
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills

Considered a Plus

• Atlassian - Jira, Confluence
• Google Cloud Platform/IdP
• Experience with AWS, IDS/IPS, WAF, DDoS, ECS Fargate, CI/CD, ECR, Docker
• Application Control and Application Whitelisting, Web Filtering,
• CIS Frameworks
• Terraform
• Security certifications are a plus

WORK DETAILS:

• Location - Work from home until further notice
• Schedule - Monday to Friday, 7am-4pm
• Status - Regular employment