Job Description Security Compliance Program Manager senior‑level security, audit, and compliance professional responsible for supporting the development, implementation, and operationalization of SOC 2, ISO 27001:2022, NIST CSF, and related security procedures for client environments. This role is intended for an experienced professional with 10‑16 years of progressive experience across information security, IT audit, cyber risk management, compliance frameworks, technical controls, and stakeholder‑driven implementation. The Cyber Security Engineer (L7) will work alongside an existing long‑term consultant to transform audit requirements, security controls, documented procedures, evidence collection processes, user‑awareness initiatives, and internal‑audit findings into sustainable operational practices. The ideal candidate will possess hands‑on experience with SOC 2 Type 1 and Type 2 audits, ISO 27001 implementation and certification readiness, internal audit support, control mapping, evidence management, process documentation, KPI tracking, security‑awareness programs, change management, and security governance. This role will collaborate closely with client leadership, security stakeholders, HR, Finance, Operations, Engineering, Technology, Business Development, Purchasing, and international business units to advance security maturity and certification readiness. Qualifications 10‑16 years of professional experience in cybersecurity, information security, IT audit, GRC, risk management, infrastructure security, security engineering, or related disciplines. Hands‑on experience supporting SOC 2 Type 1 and/or Type 2 audits, including control documentation, evidence collection, auditor interaction, remediation planning, and recurring control operation. Strong working knowledge of ISO 27001, including ISO 27001:2022 requirements, Annex A controls, internal audits, risk treatment, documented information, and management‑system practices. Experience aligning security programs with frameworks such as NIST CSF, CIS Controls, ISO 31000, ISO 22301, HIPAA, HITRUST, PCI DSS, GDPR, LGPD, or DFARS‑related requirements. Demonstrated ability to create and operationalize policies, procedures, standards, control narratives, process documentation, and evidence‑management workflows. Experience working with cross‑functional business and technology stakeholders to obtain audit evidence, drive process adoption, and close control gaps. Strong understanding of technical security domains, including: Access Control Identity and Access Management (IAM) Vulnerability Management Incident Response Change Management Logging and Monitoring Endpoint Security Network Security Cloud Security Business Continuity Experience working directly with senior stakeholders and control owners to improve security maturity and track measurable progress. Practical experience using Jira, Confluence, spreadsheets, dashboards, or GRC platforms to manage audit readiness, KPIs, findings, and remediation plans. Strong written and verbal communication skills in English. #J-18808-Ljbffr
Security Compliance Program Manager
STRYKER CORPORATION
Medellín, Medellín
Publicado hace 11 días
Denunciar empleo