Security & Compliance Manager
  • United Kingdom - Wales - Cardiff - CF10
2 years ago
£ 40000 Per year
Security Officer
Full-time, Permanent - Temporarily remote
Job Description

Excellent opportunity for a Security & Compliance Manager in a growing tech company based in Cardiff.

These are exciting times for my international client, which has continued to grow rapidly over the last 6 months, hence the need for a Security & Compliance Manager. This is a huge opportunity for the right person to be part of a growing company with an excellent culture that focuses on personal development and career progression.

This is an exciting opportunity for a highly motivated Security & Compliance Manager to join the team. Working closely with the CCO, you will fill a role that has been created to monitor and manage the protection and security of the various data interfaces, as well as to contribute to internal and external assurance activities. Ideally you will have experience of working in a technical environment.

Much of your time will be taken up working in conjunction with the CCO on the implementation and review of policies, standards and controls across the business. In addition, you will be responsible for the effective management of the ISO standards we have adopted and plan to adopt within the business, including the management and coordination of internal and external audits as well as managing any security incidents. Additionally, you will be responsible for assisting the Company in fulfilling its obligations for regulatory and government compliance.

You will monitor Information Security and Compliance controls, including activities that require triaging issues and engaging with line management. Responsibilities include:

  • Undertaking and monitoring telecom compliance activities across the organization
  • Managing ISO accreditations working with the various line managers currently responsible to maintain and improve each accreditation
  • Ensuring security is enforced as per accreditations, to include PCI and ISO 27001:2013
  • Data Protection management
  • Proactively identify gaps or conflicts in existing processes or those identified in audits and work to develop solutions with various teams in the business
  • Work with HR to assist in the education and training of process / controls so that employees better understand technology controls and their responsibilities
  • Contribute to the improvement of the Information Security Management System including (through the trend analysis of non-conformances) policy reviews and content for awareness training
  • Work with project teams to ensure new infrastructure implementations as well as process changes adhere to security best practice and meet all our standards
  • Hosting and contributing to Company Audits
  • Perform security risk assessments, tracking status of risk management and control actions in conjunction with GDPR
  • Act as a key stakeholder in advising and consulting on the risk implications of key business change projects
  • Work with the Internal Audit consultant to support pre- and post-internal audit activities (scope, build, action & implement), including Disaster Recovery and Business Continuity planning and testing
  • Support business growth with new accreditations and standards and satisfying new compliance and legal requirements

Experience:

  • experienced or accredited ISO 27001 lead: 2 years (Preferred)

Work remotely:

  • Temporarily due to COVID-19

Required Knowledge, Skills, and Abilities

  • Experienced or accredited ISO 27001 Lead Auditor / Lead Implementer
  • Good understanding and experience of the ISO 27001:2013 standard and knowledge of ISO 9001 and ISO 14001
  • Good understanding and experience of operation and management of risk, controls and compliance in corporate environments
  • Strong background and experience with audit methodologies and techniques and prior success conducting external or internal audits
  • Good understanding of Data Protection Standards and processes and procedures
  • Good understanding of governance and decision making in complex organizations
  • Experience of business process design, business process implementation, assessing business process effectiveness and identifying opportunities for improvement
  • Knowledge and experience of cyber security and information security principles and processes
  • Knowledge and experience of ITIL and IT services delivery processes
  • Excellent stakeholder management, communication and organizational skills
  • Knowledge and experience of IT project and change management approaches
  • Ability to build relationships while asking tough questions
  • Excellent written and oral communication ability
  • Strong time management and organizational skills

Reference no: 26080
