IT Security Audit & Compliance Specialist

The IT Security Audit & Compliance Specialist is responsible for managing and overseeing information security audits, compliance programs, cybersecurity governance, and risk management initiatives across the organization. The role ensures compliance with security standards, regulatory requirements, data protection policies, and internal governance frameworks.

The position supports the development of audit frameworks, conducts security assessments, monitors compliance maturity, identifies security risks and vulnerabilities, and collaborates with stakeholders to strengthen the organization’s cybersecurity posture.

Key Responsibilities

Security Audit & Compliance Management

• Develop and maintain comprehensive IT security audit and compliance programs
• Plan, coordinate, and execute information security audit activities
• Define audit scope, objectives, methodologies, and work plans
• Develop and implement audit test plans for systems, applications, infrastructure, and cloud environments
• Conduct security compliance audits for critical systems, networks, and applications
• Maintain audit schedules, documentation, evidence collection, and reporting processes
• Ensure timely closure of audit findings, non-compliance issues, and remediation activities

Cybersecurity Governance & Risk Management

• Ensure compliance with organizational policies, regulatory requirements, contractual obligations, and security standards
• Monitor cybersecurity maturity and compliance posture across operational and technical environments
• Build and maintain controls matrices aligned with multiple security and compliance frameworks
• Identify security risks, vulnerabilities, and compliance gaps, and recommend corrective actions
• Conduct vulnerability and compliance assessments and coordinate remediation activities
• Support governance initiatives related to security standards, policies, and operating procedures

Security Operations & Technical Oversight

• Monitor compliance and security controls related to cloud security environments, Identity and Access Management (IAM), Privileged Access Management (PAM), Data Loss Prevention (DLP), and enterprise productivity and collaboration platforms.
• Coordinate with IT operations and business teams to resolve identified vulnerabilities and compliance issues
• Support the development of technical hardening standards and security baseline documents
• Ensure compliance of critical infrastructure, systems, applications, and cloud services

Reporting & Documentation

• Prepare audit reports, compliance reports, and status updates for management and stakeholders
• Communicate audit findings, recommendations, and remediation plans to leadership teams
• Maintain clear, accurate, and complete audit documentation and evidence records
• Track progress of remediation efforts and monitor implementation of previous audit recommendations

Stakeholder Coordination & Support

• Liaise with internal and external audit teams to support audit activities and evidence collection
• Collaborate with business units, HR, finance, operations, and project teams during audit and compliance reviews
• Support key business initiatives by identifying cybersecurity and compliance-related risks
• Assist in developing and delivering security awareness and compliance initiatives
• Perform related duties and special projects as assigned

Qualifications & Experience

• Bachelor’s degree in Computer Science, Information Security, Cybersecurity, Information Technology, or a related field
• Additional professional training and certifications in cybersecurity, audit, or compliance are preferred
• Minimum 15 years of progressive experience in information security, IT audit and compliance, infrastructure and application security, and cloud security and governance.
• Experience managing security audits, risk assessments, and compliance programs
• Experience working within highly regulated environments, preferably healthcare

Technical Knowledge

• Strong understanding of information security frameworks and standards, cybersecurity governance and risk management, vulnerability management and security assessments, cloud security technologies and controls, and identity and access management concepts.
• Knowledge of industry frameworks and standards, including ISO 27001 / ISO 27002, NIST, and CIS Benchmarks.
• Mandatory hands-on knowledge of cloud security environments, IAM and PAM technologies, DLP solutions, and enterprise productivity and collaboration platforms.

Preferred Certifications

• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• Cloud security certifications (e.g., cloud security administration or governance certifications)
• ISO 27001 Lead Auditor or equivalent certifications

Skills

• Strong analytical and problem-solving abilities
• Excellent audit, reporting, and documentation skills
• Strong stakeholder management and communication skills
• Ability to work effectively with cross-functional and multicultural teams
• Experience developing security policies, standards, and governance frameworks
• Strong understanding of security compliance and operational best practices