Information Security Compliance Specialist (ISO 27001 and SOC 2)

About Us:
AILA is a leading provider of Legal Tech, committed to ensuring the highest standards of information security for our clients and stakeholders. We are seeking a highly skilled and experienced Information Security Compliance Specialist to guide us through the ISO 27001 and SOC 2 certification processes.

Job Summary:
The Information Security Compliance Specialist will be responsible for leading and managing the certification processes for ISO 27001 and SOC 2. This role requires a deep understanding of information security management systems, compliance requirements, and best practices. The successful candidate will work closely with various departments to ensure compliance with all relevant standards and regulations.

Key Responsibilities:

Certification Management:

Lead the planning, implementation, and management of ISO 27001 and SOC 2 certification processes.
Develop and maintain the Information Security Management System (ISMS) in accordance with ISO 27001 standards.
Ensure all SOC 2 Trust Service Criteria are met and documented.
Risk Assessment and Management:

Conduct thorough risk assessments to identify potential security threats and vulnerabilities.
Develop and implement risk mitigation strategies and controls.
Policy and Procedure Development:

Create, review, and update information security policies, procedures, and guidelines.
Ensure all policies and procedures comply with ISO 27001 and SOC 2 requirements.
Training and Awareness:

Develop and deliver information security training programs for employees.
Foster a culture of security awareness across the organization.
Audit Preparation and Coordination:

Prepare for internal and external audits by maintaining comprehensive documentation and evidence.
Coordinate with external auditors and certifying bodies during the audit process.
Compliance Monitoring and Reporting:

Monitor ongoing compliance with ISO 27001 and SOC 2 standards.
Generate regular reports on the status of the ISMS and compliance efforts.
Stakeholder Engagement:

Collaborate with internal teams, including IT, HR, Legal, and Operations, to ensure compliance.
Communicate effectively with senior management and other stakeholders regarding information security initiatives and compliance status.
Qualifications:

Education and Certifications:

Bachelor’s degree in Information Security, Computer Science, or a related field.
Relevant certifications such as CISA, CISM, CISSP, ISO 27001 Lead Implementer/Auditor, or SOC 2 Specialist.
Experience:

Minimum of 5 years of experience in information security, with a focus on ISO 27001 and SOC 2 certifications.
Proven track record of successfully managing certification projects from start to finish.
Skills:

Strong understanding of information security management systems and compliance frameworks.
Excellent project management skills, with the ability to handle multiple projects simultaneously.
Analytical and problem-solving skills to identify and address security risks.
Strong communication and interpersonal skills to work effectively with diverse teams.
Attention to detail and thorough documentation skills.
Technical proficiency in using information security tools and technologies.
Knowledge of legal and regulatory requirements related to information security.
Preferred Qualifications:

Experience in a similar industry or with similar technology environments.
Familiarity with cloud security and network security practices.
Why Join Us?

Competitive salary and benefits package.
Opportunity to make a significant impact on our company’s information security posture.
Collaborative and dynamic work environment.
Professional development and growth opportunities.
How to Apply:
Interested candidates are invited to submit their resume and a cover letter detailing their relevant experience and qualifications .