Information Security Compliance Specialist

Job Summary: The Information Security Compliance Specialist is responsible for identifying risks and ensuring the organization remains compliant with industry standards, relevant laws, and regulations. This role is instrumental in maintaining ISO 27001 and ISO 27701 certifications, as well as achieving and sustaining compliance with NIST 800-171.

The Compliance Specialist will streamline audits, maintain certifications, and develop policies to uphold data security commitments. This position requires strong attention to detail, knowledge of compliance frameworks, and the ability to work collaboratively across departments.

Essential Functions

• Own and maintain ongoing compliance with ISO 27001, ISO 27701, GDPR, and NIST 800-171 requirements
• Prepare for, coordinate, and support internal and external security audits, including evidence collection and remediation tracking
• Conduct risk assessments, identify compliance gaps, and recommend corrective actions
• Develop, implement, and continuously improve information security policies, procedures, and controls
• Monitor regulatory and framework changes to ensure continued compliance
• Partner closely with IT, Security, and cross-functional teams to align compliance initiatives with security operations
• Maintain audit artifacts, compliance documentation, and records to support certifications and assessments
• Act as the primary liaison with auditors, regulators, and third-party assessors
• Support incident response activities by ensuring proper compliance documentation and reporting
• Deliver training and guidance to employees on security policies and best practices

Required Knowledge, Skills, Abilities 

• Strong working knowledge of ISO 27001, ISO 27701, and NIST 800-171 compliance frameworks
• Hands-on experience conducting risk assessments and implementing security controls
• Solid understanding of cybersecurity frameworks, regulatory standards, and industry best practices
• Proven ability to author and maintain security policies, procedures, and documentation
• Strong analytical skills with the ability to translate compliance requirements into actionable remediation plans
• Excellent organizational and project management skills to track multiple compliance initiatives
• Clear, effective communication skills for training and cross-functional collaboration
• Familiarity with security tools and technologies that support compliance efforts

Required Education, Certifications/ Licenses, Related Experience 

• Bachelor’s degree in Information Security, Cybersecurity, Compliance, or a related field (or equivalent experience)
• 3 years of experience in information security compliance, risk management, audit, or a related role
• Hands-on experience with ISO 27001, ISO 27701, NIST 800-171, and GDPR
• Relevant certifications preferred: CISA, CISM, CISSP, ISO 27001
• In lieu of a degree, 8 years of relevant experience will be considered

Physical Job Requirements

• Ability to work in an office environment with extended periods of desk work
• Occasional lifting of equipment or documentation materials
• Availability to respond to compliance-related matters outside normal business hours when needed

Travel Requirements

• Occasional travel for training, conferences, or collaboration with remote teams
• Travel may include car, air, or train

Securiport is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics. Securiport is committed to working with and providing reasonable accommodations to applicants with physical and mental disabilities. Please see the United States Department of Labor's EEO poster and EEO poster supplement for additional information.

Disclaimer: Nothing in this job description restricts management's right to assign or reassign duties and responsibilities to this job at any time. The above statements are intended to describe the general nature and level of work being performed by people assigned to this position at the time this job description was written. They are not intended to be an exhaustive list of all duties, responsibilities and skills required of personnel so classified. This document does not create an employment contract, implied or otherwise, and all employees in this position are employed “at-will.”