- Implement and maintain ISO 27001:2022 controls and ensure compliance with ISMS requirements.
- Ensure compliance with HIPAA (Health Insurance Portability and Accountability Act) and GDPR (General Data Protection Regulation) requirements for data privacy and protection.
- Monitor and analyze security alerts from various tools, including SIEM solutions.
- Conduct risk assessments and gap analysis aligned with ISO 27001:2022 Annex A controls, the HIPAA Security Rule, and GDPR requirements.
- Assist in the development and continuous improvement of the Information Security Management System (ISMS).
- Support internal and external ISO 27001:2022 audits, HIPAA compliance audits, and GDPR data protection assessments, including evidence collection and corrective action implementation.
- Conduct vulnerability assessments and penetration testing to identify security risks.
- Investigate security incidents and support incident response efforts in accordance with ISO 27001:2022 incident management, the HIPAA Breach Notification Rule, and GDPR data breach notification requirements.
- Implement and maintain security policies, procedures, and controls aligned with ISO 27001:2022, HIPAA, and GDPR.
- Provide security awareness training to employees on ISMS policies, HIPAA security/privacy regulations, and GDPR compliance requirements.
- Collaborate with IT and development teams to ensure secure coding practices, system configurations, and data protection controls.
- Stay updated with the latest security threats, vulnerabilities, and mitigation strategies relevant to ISO 27001:2022, HIPAA, and GDPR compliance.
- Bachelor's degree in Computer Science, Cybersecurity, Information Technology, or a related field.
- 5+ years of experience in information security or a related role, with hands-on experience in ISO 27001:2022 implementation, HIPAA compliance, and GDPR data protection.
- Strong understanding of the ISO 27001:2022 framework, HIPAA Security and Privacy Rules, and GDPR principles.
- Experience with security tools such as firewalls, SIEM, IDS/IPS, and endpoint protection.
- Knowledge of ISO 27002:2022 controls, OWASP Top 10, secure coding practices, and cloud security principles.
- Hands-on experience with vulnerability management, risk assessment methodologies, and HIPAA risk analysis.
- Certifications such as ISO 27001 Lead Implementer or ISO 27001 Lead Auditor.
- Strong analytical, problem-solving, and communication skills.