Information Security Compliance Manager
Southampton, United Kingdom
5d ago

Main duties include:

  • To lead on the operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies / procedures and applicable laws and regulations.
  • Create and maintain security policies and standards supporting regulatory requirements, frameworks and best practices
  • Producing security metrics and supporting KPI & KRI (key risk indicators) reporting activity
  • Facilitation of security and compliance audits
  • Coordinate audit responses, ensuring adequate and realistic responses to findings
  • Leading information security risk management and assessment activities
  • Assist in responding to RFP and RFI and meeting with customers to discuss security topics as necessary
Experience and skills needed:

  • 5+ years of experience in risk, audit or other control function-type areas
  • Technical writing and good written English. Ability to write policies and standards in a clear manner that can be understood by non-technical people
  • Adept in creating reporting and presentations which simplify complex themes into understandable communications
  • Strong analytical and problem-solving skills and the ability to "think-out-of-the-box"; Adaptable to change and ability to self-manage your workload in a fast-paced environment
  • Methodical and self-organised with ability to go into and follow-up on the details
  • Ability to understand and interpret regulations, regulatory guidance and apply such in a practical manner in an operational environment
  • Understanding of the Regulatory requirements as applicable to cloud technologies
  • Understanding of cloud control frameworks, their operation and limitations
  • Strong understanding of information security controls and ISMS standards such as ISO 27001/27002, COBIT, CRISC etc.
  • In-depth knowledge of ISO 27001 with ISMS management and administration experience
  • In-depth knowledge of ISO 27001 Annex A controls
  • In-depth knowledge of GDPR and national data protection laws
  • Experience with SOC2 compliance standards
  • Demonstrable knowledge of cyber threat mitigation, information security and risk management
  • Appropriate technical knowledge and understanding of infrastructure services (Server, Network, Telephony, Cloud, etc.)
Certification requirements:

  • Preferably, one or more (or working toward one or more) of the following: CIPP, CIPT, CIPM, CISSP, CRISC, CISA