Security Compliance Officer

at NVISO

Brussels, Région de Bruxelles-Capitale - Brussels Hoofdstedelijk Gewest, Belgium

Start Date: Immediate
Expiry Date: 22 Jul, 2024
Salary: Not Specified
Posted On: 28 Apr, 2024
Experience: N/A
Skills: CISA, Cloud Security, Information Technology, Data Science, CISSP, AWS, Eligibility
Telecommute: No
Sponsor Visa: No

Description:

Who are we?
It all starts with the mission: NVISO is here to protect European society from potentially devastating cyber attacks! This means we offer cyber security services to private and governmental organizations to help them better prepare for, prevent, detect and respond to cyber security incidents.
All of this is built on four fundamental values that define who we are: We are Proud, We Break Barriers, We Care and No BS!

Tasks

  • Implement and enforce comprehensive security policies, procedures, and standards in alignment with regulatory standards and internal policies, with a strong emphasis on our company’s cloud environments, particularly Azure, and to a lesser extent, AWS.
  • Conduct hands-on configuration, auditing, and follow-up of cloud security tools, including but not limited to Azure Defender for Cloud, to ensure enforcement of security posture, regulatory compliance, workload protections, data security, firewall management, and DevOps security.
  • Utilize Azure Purview, Varonis, or similar data governance and protection tools to monitor and secure sensitive data across the organization.
  • Possess practical knowledge of Cloud Access Security Broker (CASB) and Privileged Access Management (PAM) tools to enhance the organization’s security posture; experience with these tools is considered a significant advantage.
  • Perform regular compliance audits and assessments, leveraging hands-on experience to ensure compliance with policies and standards, as well as external regulatory requirements.
  • Collaborate with IT and customer service line teams to identify and mitigate potential risks to information security.
  • Provide advice on compliance matters, guiding management and staff in maintaining a compliant and secure operational environment.
  • Integrate compliance measures across various departments, ensuring seamless adherence to security protocols.
  • Prepare and manage documentation related to compliance audit reports.
  • Lead training initiatives to educate employees on compliance requirements and security best practices.
  • Support conversations about compliance with external auditors and regulators, preparing the organization for external audits and compliance reviews, including support for ISO 27001 certification processes.
  • Assist in managing security certifications such as ISO 27001, NIS2, or equivalent standards.
  • Monitor and enhance the effectiveness of compliance programs, making necessary improvements.
  • Provide support in responding to inquiries, external audits, and due diligence for security compliance by customers and/or business partners.
  • Facilitate and support customer audits and due diligence processes, ensuring transparency and compliance with security requirements.

Requirements

  • Eligibility for NATO CLEARANCE
  • Bachelor’s degree in Information Technology, Data Science, Cybersecurity or a related field (or equivalent experience).
  • Professional certifications such as CISSP, CISA, or similar are a plus.
  • Demonstrated experience in a compliance officer role, with a specific focus on implementing and enforcing compliance policies in cloud environments, especially Azure and AWS.
  • In-depth understanding of IT security principles, technologies, and best practices, with a focus on cloud security.
  • Knowledge of relevant legal and regulatory frameworks, such as GDPR, is a plus.
  • Excellent analytical, organizational and hands-on skills.
  • Strong communication and interpersonal abilities, capable of conveying complex compliance issues to diverse audiences.
  • Detail-oriented with the capacity to manage multiple tasks and projects simultaneously.

REQUIREMENT SUMMARY

Min: N/A, Max: 5.0 year(s)

Information Technology/IT

IT Software - Network Administration / Security

Software Engineering

Graduate

Information technology data science cybersecurity or a related field (or equivalent experience

Proficient

1

Brussels, Belgium