Experience: 9-14 Years

DevSecOps to lead and support our enterprise security, compliance, and risk management initiatives. This individual will play a key role in designing, implementing, and maintaining controls aligned with global compliance frameworks including ISO 27001, SOC 2, and NIST 800-53. The ideal candidate has a deep understanding of security engineering principles, a strong compliance mindset, and a proven track record in driving cross-functional security programs.

• Follow established processes for the implementation and maintenance of security controls aligned with ISO 27001, SOC 2, and NIST 800-53.

• Collaborate with security leadership to ensure adherence to ISO 27001, SOC 2, and NIST 800-53 controls and procedures.

• Collaborate with internal and external auditors to support audits, evidence gathering, and remediation efforts.

• Develop and maintain automated security and compliance monitoring tools and dashboards.

• Translate regulatory requirements into technical requirements and integrate them into the SDLC (Secure Development Lifecycle).

• Execute tasks related to the implementation and upkeep of compliance controls under ISO 27001, SOC 2, and NIST 800-53 guidance.

• Conduct gap assessments and risk analysis; define and track remediation efforts to ensure compliance readiness.

• Strong hands-on experience and understanding of Kubernetes security, including RBAC, pod security policies, network policies, and secrets management.

• 8+ years of experience in information security or compliance engineering roles.

• Practical experience with DevOps security practices, including integrating security controls into CI/CD pipelines (GitLab CI, Jenkins, GitHub Actions, etc.)

• Strong understanding and hands-on experience with ISO 27001, SOC 2 (Type I and II), and NIST SP 800-53.

• Experience working in cloud-native environments (AWS, Azure, or GCP) with secure configuration and governance controls.

• Familiarity with cloud-native security (AWS, GCP, or Azure), container orchestration, and infrastructure-as-code tools like Terraform, Helm, or Ansible.

• Solid knowledge of access management, encryption, logging/monitoring, and network security principles.

• Demonstrated ability to lead technical initiatives, work cross-functionally, and influence at all levels.

• Excellent written and verbal communication skills with experience writing policies and technical documentation.

• Professional certifications such as CISSP, CISA, CISM, ISO 27001 Lead Implementer/Auditor, or AWS Security Specialty etc.

• Experience with compliance automation platforms.

• Background in regulated industries such as fintech, healthcare, or government.