Compliance Lead, Information Security

Location: Remote
Department: IT
Reports to: Cyber Security Manager
Type: Full-time

CAI Software is a leading provider of manufacturing ERP and production software solutions to more than fifteen vertical end markets in the process (food & beverage and chemicals), discrete (A&D, automotive parts) and distribution (food) sectors.

About the Role

Key Responsibilities

1. Compliance Program Management
- Lead and maintain compliance initiatives for ISO 27001, SOC 2 Type II, PCI DSS, and GDPR.
- Develop, implement, and maintain security policies, procedures, and controls aligned with regulatory and industry standards.
- Manage internal and external audits, coordinate evidence collection, and ensure timely remediation of findings.

2. Risk Assessment & Governance
- Conduct risk assessments to identify potential compliance gaps or control deficiencies.
- Collaborate with technical teams to implement mitigation plans and monitor progress.
- Support continuous improvement of the organization's information security management system (ISMS).

3. Documentation & Reporting
- Maintain comprehensive documentation of compliance efforts, audit reports, and corrective actions.
- Provide regular updates and metrics to senior leadership on compliance posture.
- Ensure version control and accuracy across all security compliance documents.

4. Cross-Functional Collaboration
- Partner with internal departments to align business operations with compliance obligations.
- Provide guidance on security compliance requirements for new systems, vendors, and technologies.
- Support the training and awareness program to foster a culture of security and compliance.

5. Audit & Certification Readiness
- Serve as the primary contact for auditors, assessors, and certification bodies.
- Prepare and execute internal readiness reviews prior to external audits.
- Maintain ongoing compliance between audit cycles to ensure audit readiness at all times.

Qualifications
- Bachelor's degree in Information Security, Information Technology, or a related field (or equivalent experience).
- 5 years of experience in security compliance, audit management, or information security governance.
- Hands-on experience with ISO 27001, SOC 2 Type II, PCI DSS, and GDPR frameworks.
- Strong understanding of risk management, control design, and information security principles.
- Excellent project management, documentation, and communication skills.
- Preferred certifications: CISA, CISM, CISSP, or ISO 27001 Lead Implementer/Auditor.

What You'll Gain
- Opportunity to drive compliance initiatives that impact organizational security and trust.
- Exposure to enterprise-level security frameworks and audit processes.
- Collaboration with technical and executive stakeholders across departments.
- Professional development in compliance leadership and risk management.