What are the responsibilities and job description for the IT Compliance Consultant 0925 position at nexus IT group?
Responsibilities:
- Client Due Diligence & Requests
  - Coordinate incoming and outgoing due diligence questionnaires, vendor assessments, and security documentation from clients and partners.
  - Maintain a repository of compliance materials and coordinate subject matter expert (SME) involvement to complete responses.
  - Ensure timely and complete delivery of all compliance documentation.
- Compliance Calendar & Operational Coordination
  - Work with clients to create and maintain “IT Compliance Calendars” that cover their IT-related compliance considerations, including:
    - Annual security reviews
    - Annual disaster recovery and business continuity plan testing
    - Annual policy and control reviews
    - Annual cyber security testing
    - Annual vendor reviews
    - Annual penetration testing
    - Coordination and planning of tabletop exercises
    - Regulatory deadlines and attestations
    - ISO 27001 Program, including key activities, internal and external audits, and InfoSec meetings
  - Schedule and track progress of key compliance activities, engaging relevant stakeholders.
- Regulatory Monitoring & Trend Response
  - Monitor changes in client-relevant regulatory environments (e.g., SEC, NY SHIELD Act, ISO 27001).
  - Identify trends and communicate legislative developments to clients and internal teams.
  - Assist in developing strategies and action plans to ensure client readiness.
- Policy Documentation & Best Practice Alignment
  - Lead the onboarding process for client compliance documentation, including drafting baseline policies and procedures.
  - Work with the technical teams to support critical client IT processes (on/off boarding, change management, etc.).
  - Review client policies and ensure alignment with regulatory standards and best practices.
  - Identify documentation gaps and propose remediation.
  - For the ISO 27001 Program:
    - Draft, maintain, and manage internal information security policies and procedures in alignment with ISO 27001 controls and Annex A requirements.
    - Oversee version control, policy review cycles, and internal approvals.
    - Ensure policies remain current with changes in business operations, risk posture, and industry standards.
    - Coordinate and document policy acceptance and training efforts across the firm.
- Stakeholder Communication & Presentation
  - Deliver briefings and presentations to internal teams and external clients on compliance posture, regulatory changes, and project milestones.
  - Translate complex compliance issues into clear, actionable language suitable for business and technical audiences.