Risk & Compliance Specialist at Sama

About the Job:

The Risk & Compliance Specialist is responsible for advocating and monitoring compliance through controls, policies, standards, and procedures. In this role, you will be working with the Risk and Compliance Lead in the Global Service Delivery and Trust teams to achieve and maintain government, and other regulatory framework requirements such as GDPR, TISAX & CCPA and industry certifications (namely but not limited to SOC2, ISO 27001, ISO 9001, ISO 22301).

You will also be responsible for driving our current compliance efforts, managing the external & internal audit plans, updating existing controls, assisting in maintaining certifications, and participating in mapping future certifications.

Key Responsibilities: 

• Participate in the review of compliance and audit-related matters. Auditing existing security systems, processes and protocols and developing corrective actions/plans to fix identified gaps
• Support and evaluate the performance of a team of auditors within the Compliance unit or the organization.
• Work with all business functions to understand the security risks and compliance requirements, develop and maintain the security & compliance roadmap & strategy
• Develop and maintain compliance & security documentation, policies, guidelines, frameworks, standards, and procedures.
• Communicate policies and procedures to stakeholders inside the company.
• Support in the implementation of compliance & security standards, regulations, and best practices for the organization namely but not limited to SOC2, ISO 27001, CCPA, and GDPR.
• Support global compliance & security awareness strategy and programs fostering a culture where compliance & security is everyone’s responsibility.
• Work with the Risk and Compliance Lead and head of departments about SOC, CCPA & GDPR compliance program and their assigned controls and recommend improvements to teams for their assigned controls.
• Ensure compliance with critical controls on a regular basis.
• Participate in audits by external and internal auditors. This could be audited for client requirements, ISO standards, and any other applicable audit requirements.
• Assist with the facilitation of certifications which include, but are not limited to, ISO 9001, BCP, and ISO 27001.
• Play a key role in partnering with Sales and Customer Success teams to close business and ensure customers understand our security posture.
• Respond to requests in a timely manner from the Risk and Compliance Lead to meet service level agreement commitments for responding to customer and prospect requests.
• Identifying gaps with controls assigned to Sama teams.
• Assist in determining whether supplied artefact (s) by teams meets SOC, CCPA, ISO, GDPR & client SOW requirements.
• Support the Risk and Compliance Lead in writing Section III of the SOC2 report where necessary.
• Support Enterprise Risk Management processes and framework adherence across Global Service Delivery teams.

Key Requirements:

• Bachelor’s Degree
• 2-3 years of experience in a compliance role and/or security auditing role
• Knowledge of laws, legal codes, procedures, and other relevant regulatory standards.
• Strong analytical, investigative and critical thinking skills.
• Excellent verbal and written communication skills.
• Documenting and reporting skills.
• Attention to detail.

Good to Have:

• Certification as ISO auditor for ISO 9001, ISO 27001 & ISO 22301.
• Certification in risk & compliance management is an added advantage
• Projects involving coordinated efforts across large cross-functional teams
• Previous experience with CCPA & GDPR
• Interest and desire to obtain CISSP, CISA, or other globally recognized security, compliance, or audit certifications.
• Demonstrate prior auditor experience
• Prior experience conducting Training and Awareness sessions