Audit & Frameworks Senior Specialist

  • Full-time

Company Description

SmartRecruiters is a values-driven, global-minded, and well-funded tech employer on a mission to connect people to jobs at scale. As a global leader in enterprise recruitment software, SmartRecruiters offers a cloud-based global Hiring Success platform that allows teams to attract, select, and hire the best talent. 4,000 companies worldwide rely on SmartRecruiters to achieve hiring success—including brands like Bosch, LinkedIn, Skechers, and Visa—using recruitment marketing, CRM, AI, ATS, and a marketplace of 600+ connected vendors all within one scalable platform.


SmartRecruiters was recognized by Forbes as one of the Best Employers in 2020. We are proud to offer a collaborative, diverse, and remote-friendly work environment, as well as competitive salaries and generous equity. We believe in promotion from within, so high performance can lead to upward mobility. Needless to say, we make sure you’re taken care of. Our inclusive office environment welcomes and respects all.

Job Description

SmartRecruiters understands that data is the core of our business. That's why we've built Information Security structures with the Security Council as the decision body and Board of Representatives as the execution team. Keeping data secure is crucial to the work we do, and that's why we put much effort into making it smart, easy and effective.

SmartRecruiters needs to ensure that all of its applications and systems are compliant with ISO 27001/2, GDPR and SOC-2 regulations. It needs resources to facilitate the auditing of controls in place for compliance with those regulations, to ensure that the technical teams have the evidence to prove their controls are in place, and, where they are not, to work with the stakeholders and the technical teams to get them in place.

Responsibilities

  • Oversee a varied and complex regulatory compliance program covering multiple domains and disciplines 

  • Manage stakeholder expectations and partner with stakeholders to ensure management of IT risks and compliance.

  • Maintain regional and local stakeholder relationships, meeting schedules, minutes, reports 

  • Effectively implement and maintain SOC-2 framework 

  • Effectively manage ISO 27001 audits and coordinate ISMS improvements with stakeholders

  • Maintain, manage and monitor regional and local compliance with the ISMS frameworks such as Risk Management, Asset and Access Management, GDPR and SOC-2 regulatory/legal and other obligations/requirements.

  • Appropriately analyze security findings and participate in remediation of issues with control owners/assurance partners.

  • Provide support to control owners in using evidence repositories.

  • Provide support for policy/standards exceptions, report status to regional and local management, and advise on corrective actions.

  • Prepare presentations for stakeholders and senior leadership

  • Understanding of risks and risk assessments

Qualifications

  • Compliance or auditing experience for one regulation – ISO 27001, GDPR and SOC-2

  • Detailed knowledge of controls auditing principles with focus on SOC-2

  • Knowledge of controls manifestation in small global corporations with regional and local presence is required

  • Good understanding of coordination and facilitation  

  • Ability to investigate, question and interpret internal and external IT security and compliance issues 

  • Experience of working across business units and geographical boundaries to engage engineering, business and team members is required. 

  • At least 5 years of experience as an auditor 

Additional Information

SmartRecruiters is proud to be an Equal Employment Opportunity and Affirmative Action employer. We do not discriminate based upon race, religion, color, national origin, gender (including pregnancy, childbirth, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, or other applicable legally protected characteristics.
