Security Compliance Program Manager

Yuxi Global


Job Location:

Medellín - Colombia

Monthly Salary: Not Disclosed
Posted on: 7 days ago
Vacancies: 1 Vacancy

Department:

Operations

Job Summary

The Security Compliance Program Manager is a senior-level security audit and compliance professional responsible for supporting the development, implementation, and operationalization of SOC 2, ISO 27001:2022, NIST CSF, and related security procedures for client environments. This role is intended for an experienced professional with 10-16 years of progressive experience across information security, IT audit, cyber risk management, compliance frameworks, technical controls, and stakeholder-driven implementation. The Cyber Security Engineer (L7) will work alongside an existing long-term consultant to transform audit requirements, security controls, documented procedures, evidence collection processes, user-awareness initiatives, and internal-audit findings into sustainable operational practices. The ideal candidate will possess hands-on experience with SOC 2 Type 1 and Type 2 audits, ISO 27001 implementation and certification readiness, internal audit support, control mapping, evidence management, process documentation, KPI tracking, security-awareness programs, change management, and security governance. This role will collaborate closely with client leadership, security stakeholders, HR, Finance, Operations, Engineering, Technology, Business Development, Purchasing, and international business units to advance security maturity and certification readiness.


Qualifications :

  • 10-16 years of professional experience in cybersecurity, information security, IT audit, GRC, risk management, infrastructure security, security engineering, or related disciplines.
  • Hands-on experience supporting SOC 2 Type 1 and/or Type 2 audits, including control documentation, evidence collection, auditor interaction, remediation planning, and recurring control operation.
  • Strong working knowledge of ISO 27001, including ISO 27001:2022 requirements, Annex A controls, internal audits, risk treatment, documented information, and management-system practices.
  • Experience aligning security programs with frameworks such as NIST CSF, CIS Controls, ISO 31000, ISO 22301, HIPAA, HITRUST, PCI DSS, GDPR, LGPD, or DFARS-related requirements.
  • Demonstrated ability to create and operationalize policies, procedures, standards, control narratives, process documentation, and evidence-management workflows.
  • Experience working with cross-functional business and technology stakeholders to obtain audit evidence, drive process adoption, and close control gaps.
  • Strong understanding of technical security domains including:
  1. Access Control
  2. Identity and Access Management (IAM)
  3. Vulnerability Management
  4. Incident Response
  5. Change Management
  6. Logging and Monitoring
  7. Endpoint Security
  8. Network Security
  9. Cloud Security
  10. Business Continuity
  • Experience working directly with senior stakeholders and control owners to improve security maturity and track measurable progress.
  • Practical experience using Jira, Confluence, spreadsheets, dashboards, or GRC platforms to manage audit readiness, KPIs, findings, and remediation plans.
  • Strong written and verbal communication skills in English.

Remote Work :

Yes


Employment Type :

Full-time

About Company

Yuxi Global (powered by Veritas Automata) has been a leading force in empowering Life Sciences companies to achieve their digital goals since 2005. We specialize in providing comprehensive solutions, including turnkey enterprise-grade application development, managed development teams, ...
