Compliance Lead

The Information Security Compliance Lead plays a crucial role within the Security Governance team, overseeing the effectiveness of security controls to ensure they meet regulatory requirements and client obligations. This position is responsible for identifying, reporting, and addressing security control gaps, and coordinating with control owners to mitigate threats to the organisation and the data it handles. The role includes managing the Information Security Management System (ISMS), keeping records up to date, and ensuring all governance activities are performed.

Responsibilities:

• Conduct compliance audits and reviews to ensure adherence to ISO 27001 and other relevant standards
• Continuously integrate and adhere to the ISO 27001 Information Security Management framework
• Perform regular control testing as part of an ongoing review program.
• Seek improvements in security processes to enhance the management of the ISMS and broader security controls
• Support Cyber Essentials Plus certification and carry out regular compliance testing
• Collaborate with external and internal auditors on certification, financial, and operational audits
• Assist with client audits and act as a subject matter expert for client questionnaires
• Ensure that policies and processes align with regulatory and client standards
• Develop and agree on risk and audit remediation plans with cross-functional teams, ensuring timely completion of mitigation actions
• Escalate significant risks or risk trends to senior leadership
• Manage the internal security assurance audit schedule
• Promote a culture of compliance and risk awareness within the organisation

Skills and Experience:

• Experience in operating, monitoring, and implementing security policies, standards, and controls across various frameworks
• Strong understanding of information security controls and technology
• Experience with security controls in cloud services
• Proficiency in managing and auditing ISO 27001 ISMS
• Experience with managing external audit activities and supporting internal audits
• Good knowledge of risk management

The ideal candidate will possess excellent interpersonal skills and be adept at communicating within a large organisation. A background in the security industry with extensive security knowledge is essential. Security certifications such as CISA, CRISC, ISO 27001 Lead Auditor/Lead Implementor are highly desirable, with additional security certifications being advantageous. A solid understanding of IT systems and security technologies is required.

Essential Characteristics:

• Service-oriented and proactive.
• Ability to perform effectively in a global organisation with diverse cultural challenges
• Methodical troubleshooting approach
• Capable of handling multiple tasks and projects under time constraints
• Excellent communication and collaboration skills
• Organized, self-motivated, and passionate about information security.
• Willingness to develop personal and professional skills, and support colleagues in their development

Key Relationships:

• Client Relationship Managers and clients
• IT and Security architects, project managers, engineers, and analysts
• IT Managers
• Broader Risk and Compliance functions, including Internal Audit and Data Privacy