How Remoteville checks and expires listings
IT Compliance & Risk Lead
Skills
BusinessComptiaCybersecurityEvidenceFinanceISO 27001Performance Metrics
What the job involves
The main requirements, responsibilities and hiring steps.
Requirements
- Bachelor's degree in Cybersecurity Information Systems Risk Management IT or equivalent experience
- 4–7 years of experience in IT compliance GRC audit or risk management roles
- Hands-on experience leading or coordinating an external audit such as HIPAA PCI-DSS or SOC 2
- Experience managing or partnering with a managed SOC MSSP or MDR provider
- Experience working with Legal HR Finance and executive stakeholders on security and risk topics
- GRC platform experience with tools such as Vanta Drata or AuditBoard
- Audit evidence management and risk register tools experience
- Policy authoring and IAM governance access review experience
- Vendor risk management experience
- Primary compliance framework knowledge in HIPAA PCI-DSS and NIST CSF
Nice to have
- Risk-based thinker
- Clear communicator
- Detail-oriented
- Calm under pressure
- Cross-functional collaborator
- Vendor management
- Audit-ready mindset
- Proactive mindset
Day to day
- Own end-to-end HIPAA and PCI-DSS compliance, including audit cycles evidence collection and control narratives
- Develop and enforce IT policies standards and procedures aligned to NIST CSF HIPAA Security Rule and PCI-DSS
- Maintain the enterprise risk register assess threats prioritize remediation and report risk posture to leadership
- Manage SOC partner oversight vulnerability remediation incident response coordination access reviews vendor risk and security training
