Jobs · himalayas
Security Compliance Program Manager
Nimbus Data Systems · Colombia · Posted 31d ago
About the role
Support development and implementation of security compliance programs for client environments, focusing on SOC 2 and ISO 27001.
Security Compliance Program Manager senior-level security, audit, and compliance professional responsible for supporting the development, implementation, and operationalization of SOC 2, ISO 27001:2022, NIST CSF, and related security procedures for client environments. This role is intended for an experienced professional with 10–16 years of progressive experience across information security, IT audit, cyber risk management, compliance frameworks, technical controls, and stakeholder-driven implementation. The Cyber Security Engineer (L7) will work alongside an existing long-term consultant to transform audit requirements, security controls, documented procedures, evidence collection processes, user-awareness initiatives, and internal-audit findings into sustainable operational practices. The ideal candidate will possess hands-on experience with SOC 2 Type 1 and Type 2 audits, ISO 27001 implementation and certification readiness, internal audit support, control mapping, evidence management, process documentation, KPI tracking, security-awareness programs, change management, and security governance. This role will collaborate closely with client leadership, security stakeholders, HR, Finance, Operations, Engineering, Technology, Business Development, Purchasing, and international business units to advance security maturity and certification readiness. 10–16 years of professional experience in cybersecurity, information security, IT audit, GRC, risk management, infrastructure security, security engineering, or related disciplines. Hands-on experience supporting SOC 2 Type 1 and/or Type 2 audits, including control documentation, evidence collection, auditor interaction, remediation planning, and recurring control operation. Strong working knowledge of ISO 27001, including ISO 27001:2022 requirements, Annex A controls, internal audits, risk treatment, documented information, and management-system practices. 6 Page 5 Confidential - Copyright © 2026, Veritas Automata, LLC - Nimbus Data Systems , All Rights. Experience aligning security programs with frameworks such as NIST CSF, CIS Controls, ISO 31000, ISO 22301, HIPAA, HITRUST, PCI DSS, GDPR, LGPD, or DFARS-related requirements. Demonstrated ability to create and operationalize policies, procedures, standards, control narratives, process documentation, and evidence-management workflows. Experience working with cross-functional business and technology stakeholders to obtain audit evidence, drive process adoption, and close control gaps. Strong understanding of technical security domains, including: Access Control Identity and Access Management (IAM) 2 Vulnerability Management Incident Response Change Management Logging and Monitoring Endpoint Security Network Security Cloud Security Business Continuity Experience working directly with senior stakeholders and control owners to improve security maturity and track measurable progress. Practical experience using Jira, Confluence, spreadsheets, dashboards, or GRC platforms to manage audit readiness, KPIs, findings, and remediation plans. Strong written and verbal communication skills in English. Veritas Automata is a technology consulting and software development company dedicated to delivering innovative solutions that drive business success. We combine expertise in automation, AI, and advanced technology to enhance operational efficiency and streamline complex processes. Our teams build modern, intelligent, and scalable solutions that empower clients across regulated industries, enterprise platforms, and next-generation AI ecosystems. We are committed to innovation, ownership, and delivering measurable outcomes for our clients and partners. Nimbus Data Systems , powered by Veritas Automata, is a South America-based delivery and talent entity that supports Veritas Automata’s global delivery model. We specialize in providing comprehensive solutions, including turnkey enterprise-grade application development, managed development teams, staff augmentation, and strategic consulting via our Veritas Automata Services Team. Originally posted on Himalayas
Read the full posting on himalayas →
FAQ
Is the Security Compliance Program Manager role at Nimbus Data Systems remote?+
This Security Compliance Program Manager position is listed as remote (Colombia).
What seniority level is this Security Compliance Program Manager role?+
This is a senior level position.
How do I apply for the Security Compliance Program Manager role at Nimbus Data Systems?+
Use the "Apply on himalayas" button to open the original posting on himalayas, where you can submit your application directly to Nimbus Data Systems.