IBM

We are looking for a detail-oriented Security Services Specialist with a strong focus on compliance, audits, and business continuity/disaster recovery (BCDR). This role is responsible for supporting internal and external security audits and maintaining continuous regulatory compliance. The ideal candidate will have experience aligning security and compliance programs with frameworks such as SOC 2, ISO 27001, and NIST, while also supporting the development and testing of BCDR plans. You will work closely with internal stakeholders and external auditors to ensure our security practices meet applicable requirements and support business goals.

Audit Management:

• Coordinate and support internal and external audits, including evidence collection, control testing, and remediation tracking.
• Serve as the secondary point of contact for auditors and third-party assessors.
• Maintain audit logs, findings, and corrective action plans.

Compliance Oversight:

• Monitor and ensure compliance with industry regulations and internal security policies.
• Map controls and processes to multiple compliance frameworks (e.g., NIST, ISO, SOC 2, HIPAA).
• Track evolving compliance obligations and help update policies accordingly.

Access Management:

• Support access management processes
• Coordinate and drive periodic user access reviews.

Business Continuity & Disaster Recovery (BCDR)

• Collaborate with IT, operations, and business units to develop and maintain BCDR plans.
• Coordinate and conduct periodic BCDR tests, document results, and track corrective actions.
• Evaluate critical business processes to identify single points of failure and propose continuity strategies.
• Ensure BCDR plans align with compliance requirements and organizational risk appetite.
• Maintain an inventory of critical assets and dependencies required for continuity and recovery.

Policy Development & Enforcement:

• Assist in developing, updating, and enforcing information security policies, procedures, and standards.
• Ensure policies align with compliance frameworks and are effectively communicated across the organization.

Documentation & Reporting:

• Maintain detailed and organized documentation of security controls, evidence, and compliance artifacts.
• Create reports and dashboards for leadership on compliance status and audit readiness.

Other assignments as required to support the security, compliance, and resilience goals of the organization.

• Bachelor’s degree in Cybersecurity, Information Systems, Risk Management, or related field.
• 3+ years of experience in information security, with a focus on compliance and audits.
• Hands-on experience supporting one or more compliance frameworks (e.g., SOC 2, ISO 27001, GDPR, NIST).
• Strong understanding of security controls and risk management practices.
• Strong understanding of network, system, and application security principles.
• Strong knowledge of risk management principles and audit processes.
• Excellent analytical, problem-solving, and communication skills.

• Strong attention to detail and organizational skills.
• Excellent written and verbal communication.
• Ability to manage multiple audits and compliance initiatives simultaneously.
• Comfortable working with technical and non-technical teams.