Compliance Lead, Information Security

**Compliance Lead, Information Security**

**Location: Remote**

**Department: IT**

**Reports to: Cyber Security Manager**

**Type: Full-time**

CAI Software is a leading provider of manufacturing ERP and production software solutions to more than fifteen vertical end markets in the process (food & beverage and chemicals), discrete (A&D, automotive parts) and distribution (food) sectors.

**About the Role**

**Key Responsibilities**

1. Compliance Program Management
- Lead and maintain compliance initiatives for ISO 27001, SOC 2 Type II, PCI DSS, and GDPR.
- Develop, implement, and maintain security policies, procedures, and controls aligned with regulatory and industry standards.
- Manage internal and external audits, coordinate evidence collection, and ensure timely remediation of findings.

**2. Risk Assessment & Governance**
- Conduct risk assessments to identify potential compliance gaps or control deficiencies.
- Collaborate with technical teams to implement mitigation plans and monitor progress.
- Support continuous improvement of the organization’s information security management system (ISMS).

**3. Documentation & Reporting**
- Maintain comprehensive documentation of compliance efforts, audit reports, and corrective actions.
- Provide regular updates and metrics to senior leadership on compliance posture.
- Ensure version control and accuracy across all security compliance documents.

**4. Cross-Functional Collaboration**
- Partner with internal departments to align business operations with compliance obligations.
- Provide guidance on security compliance requirements for new systems, vendors, and technologies.
- Support the training and awareness program to foster a culture of security and compliance.

**5. Audit & Certification Readiness**
- Serve as the primary contact for auditors, assessors, and certification bodies.
- Prepare and execute internal readiness reviews prior to external audits.
- Maintain ongoing compliance between audit cycles to ensure audit readiness at all times.

**Qualifications**
- Bachelor’s degree in Information Security, Information Technology, or a related field (or equivalent experience).
- 5+ years of experience in security compliance, audit management, or information security governance.
- Hands-on experience with ISO 27001, SOC 2 Type II, PCI DSS, and GDPR frameworks.
- Strong understanding of risk management, control design, and information security principles.
- Excellent project management, documentation, and communication skills.
- Preferred certifications: CISA, CISM, CISSP, or ISO 27001 Lead Implementer/Auditor.

**What You’ll Gain**
- Opportunity to drive compliance initiatives that impact organizational security and trust.
- Exposure to enterprise-level security frameworks and audit processes.
- Collaboration with technical and executive stakeholders across departments.
- Professional development in compliance leadership and risk management.