About this role
The Security & Compliance Specialist is responsible for protecting our clients' digital assets and ensuring their IT environments adhere to necessary industry regulations and security standards. You will focus on preventative security measures, conducting in-depth risk assessments, managing security tools, and developing robust policies to mitigate threats. This role is critical in maintaining the integrity, confidentiality, and availability of client data, directly supporting SecureSkye's commitment to advanced cybersecurity.
What you’ll do
- Conduct comprehensive Security Risk Assessments (SRAs) to identify vulnerabilities, measure potential impact, and recommend actionable remediation strategies for clients.
- Manage and configure critical security infrastructure, including firewalls, Endpoint Detection and Response (EDR) solutions, and Security Information and Event Management (SIEM) systems.
- Develop, implement, and enforce security policies, protocols, and best practices to ensure client compliance with relevant standards (e.g., NIST, ISO 27001, HIPAA, or industry-specific regulations).
- Lead incident response efforts, investigating security breaches, analyzing root causes, and coordinating recovery with the technical teams.
- Provide security awareness training and education to client staff and internal teams to promote a culture of security vigilance.
- Stay current on emerging cybersecurity threats, regulatory changes, and new security technologies to continuously enhance client defense strategies.
- Prepare detailed reports and documentation outlining security posture, compliance status, and remediation progress for client stakeholders and vCIOs.
Requirements
- Proven professional experience (3+ years) in IT Security, Compliance Management, or Cybersecurity Consulting.
- Deep knowledge of common security frameworks and regulatory compliance requirements (e.g., NIST CSF, CIS Controls, HIPAA, SOC 2).
- Practical experience configuring and managing security hardware and software (e.g., Next-Gen Firewalls, SIEM tools, vulnerability scanners).
- Strong understanding of network protocols, authentication methods, and common attack vectors.
- Excellent analytical and problem-solving skills, particularly in root cause analysis for security incidents.
- Strong written and verbal communication skills, capable of explaining complex security concepts to both technical staff and business leaders.
- Relevant professional security certifications (e.g., CompTIA Security+, CISSP, CISM, or CRISC) are highly desirable.
