Job Summary
The Security and Compliance Administrator is responsible for implementing, managing, and maintaining the organization’s information security posture while ensuring compliance with applicable regulatory requirements, industry standards, and internal policies. This role works closely with IT, Legal, Risk, and Business teams to protect organizational assets, reduce risk, and support audits and compliance initiatives.
Key Responsibilities
Security Management
Design, implement, and maintain security controls, policies, and procedures to safeguard systems, networks, and data
Monitor security events, vulnerabilities, and threats; investigate and respond to incidents
Manage security tools such as SIEM, DLP, endpoint protection, IAM, and vulnerability scanning solutions
Conduct regular risk assessments and security reviews, and coordinate penetration testing
Ensure secure configuration and hardening of servers, applications, and cloud environments
Compliance & Governance
Ensure compliance with regulatory and industry frameworks (e.g., ISO 27001, SOC 2, GDPR, HIPAA, PCI-DSS, NIST, CIS)
Lead and support internal and external audits, assessments, and compliance reviews
Maintain compliance documentation, policies, standards, risk registers, and evidence repositories
Track regulatory changes and assess their impact on organizational security posture
Support third-party/vendor risk assessments and due diligence
Policy & Awareness
Develop, update, and enforce information security policies, standards, and guidelines
Conduct security awareness and compliance training for employees
Promote a culture of security and compliance across the organization
Collaboration & Reporting
Work closely with IT, DevOps, Legal, HR, and business stakeholders to ensure security-by-design
Provide regular security and compliance reports to management and leadership
Support business initiatives by providing security risk evaluations and recommendations
Required Qualifications
Bachelor’s degree in Information Security, Computer Science, IT, or a related field
6+ years of experience in information security, compliance, governance, or risk management
Strong knowledge of security frameworks, regulatory standards, and compliance requirements
Hands-on experience with security technologies and controls
Experience supporting audits and regulatory assessments
Strong analytical, documentation, and problem-solving skills