Job Details

Our history:
From our start in 2009, Conexess has established itself in 3 markets, employing nearly 200+ individuals nationwide. Operating in over 15 states, our client base ranges from Fortune 500/1000 companies to mid-small range companies. For the majority of the mid-small range companies, we are exclusively used due to our outstanding staffing track record

Who We Are:
Conexess is a full-service staffing firm offering contract, contract-to-hire, and direct placements. We have a wide range of recruiting capabilities, from help desk technicians to CIOs. We are also capable of offering project-based work.

Position Summary

We are seeking a detail-oriented and technically proficient Compliance Officer to join our team. This role is critical in ensuring our organization maintains the highest standards of data security and regulatory compliance. You will be the primary lead for our ISO 27001 ISMS framework, bridging the gap between high-level regulatory requirements and technical implementation.

Key Responsibilities

Framework Management: Lead the implementation, maintenance, and continuous improvement of the ISO 27001 Information Security Management System (ISMS).

Audit Coordination: Act as the primary point of contact for external auditors and conduct internal audits to ensure ongoing compliance and "audit readiness."

Technical Liaison: Work closely with engineering and DevOps teams to translate complex compliance controls into actionable technical requirements.

Risk Assessment: Perform regular security risk assessments and business impact analyses to identify vulnerabilities and recommend mitigation strategies.

Policy Development: Draft, update, and enforce organizational security policies, ensuring they align with both ISO standards and evolving business needs.

Monitoring & Reporting: Develop metrics to track compliance health and provide regular reports to senior leadership.

Required Skills & Experience

• Regulatory Expertise: Experience managing ISO 27001 certifications; familiarity with related frameworks (e.g., SOC2, NIST, or GDPR) is a significant plus.
• Technical Savvy: You should be comfortable discussing cloud infrastructure (AWS/Azure/GCP), access management (IAM), and the SDLC. You don't need to write code, but you must understand how modern technical stacks function.
• Audit Leadership: Track record of successfully navigating external audits and managing remediation plans.
• Communication: Ability to explain complex regulatory requirements to non-technical stakeholders and technical implementation details to leadership.
• Analytical Thinking: Strong problem-solving skills with a focus on balancing security requirements with operational efficiency.

• Relevant certifications such as CISA (Certified Information Systems Auditor), CISM (Certified Information Security Manager), or ISO 27001 Lead Implementer/Auditor.
• Experience in a fast-paced technology or SaaS environment.
• Experience using compliance automation software (e.g., Vanta, Drata, or Anecdotes).