RRemotevilleRemote roles worth applying for.

How Remoteville checks and expires listings

IT Compliance & Risk Lead

Skills
BusinessComptiaCybersecurityEvidenceFinanceISO 27001Performance Metrics
Role

What the job involves

The main requirements, responsibilities and hiring steps.

Requirements

  • Bachelor's degree in Cybersecurity Information Systems Risk Management IT or equivalent experience
  • 4–7 years of experience in IT compliance GRC audit or risk management roles
  • Hands-on experience leading or coordinating an external audit such as HIPAA PCI-DSS or SOC 2
  • Experience managing or partnering with a managed SOC MSSP or MDR provider
  • Experience working with Legal HR Finance and executive stakeholders on security and risk topics
  • GRC platform experience with tools such as Vanta Drata or AuditBoard
  • Audit evidence management and risk register tools experience
  • Policy authoring and IAM governance access review experience
  • Vendor risk management experience
  • Primary compliance framework knowledge in HIPAA PCI-DSS and NIST CSF

Nice to have

  • Risk-based thinker
  • Clear communicator
  • Detail-oriented
  • Calm under pressure
  • Cross-functional collaborator
  • Vendor management
  • Audit-ready mindset
  • Proactive mindset

Day to day

  • Own end-to-end HIPAA and PCI-DSS compliance, including audit cycles evidence collection and control narratives
  • Develop and enforce IT policies standards and procedures aligned to NIST CSF HIPAA Security Rule and PCI-DSS
  • Maintain the enterprise risk register assess threats prioritize remediation and report risk posture to leadership
  • Manage SOC partner oversight vulnerability remediation incident response coordination access reviews vendor risk and security training