Compliance Analyst
Middlesbrough or Gerrards Cross (Hybrid – 2 days a week in office)
Do you want to help shape software that affects thousands of lives?
Who are we?
We are ranked as the UK’s #1 construction-specific software player and our mission is simple: to provide market-leading end-to-end software solutions to the construction and construction-like industries across the entire build life cycle.
If you are looking to build an exceptional career with an award-winning company you’ve come to the right place. Our teams are based in the UK, Europe, and India, working on products that are used on a global scale. We have a clear and defined road map to deliver over the next 3 years, which is centred around a large-scale digital transformation as well as continuing our growth and expansion.
We embrace diversity and equality and want our employees to be comfortable bringing their whole selves to work. We are committed to building a team with a variety of backgrounds, skills and views. Creating a culture of Equality isn’t just the right thing to do, it improves every aspect of our business.
Purpose
The Compliance Analyst will report to the Head of Governance, Risk and Compliance and will support the ongoing and growing governance arrangements, monitoring and improvement of security, privacy and compliance-based controls.
To be successful in the role you will need knowledge and experience of how security, privacy and compliance frameworks operate, and how controls need to be applied across disciplines such as ISO27001, SOC2, Cyber Essentials, ISO9001, and Data Privacy to effectively monitor compliance activities.
Responsibilities
Governance:
* Supporting the Head of GRC and enforcement of governance policies to ensure data integrity and compliance with relevant requirements (customer, certification, regulation).
* Provide guidance on implementation, monitoring, and evidence collection to demonstrate alignment with industry-recognised control frameworks.
* Support the compliance management framework by providing monitoring and measurement inputs and an overview of risk posture.
* Contribute to the maintenance and review of security, privacy and compliance controls in place in support of standards, certification schemes, and customer requirements.
* Assist in reviewing and maintaining compliance policies, procedures, and guidance documents to align with regulatory changes and industry best practices.
Risk Management:
* Support and enhance the risk management process and risk culture
* Contribute to the identification of risk, ownership and strategies for mitigation
* Assist with risk reviews and reporting at all levels
Compliance Monitoring:
* Regularly monitor controls to effectively evaluate compliance across security, privacy and compliance-based disciplines, working with control owners and obtaining evidence and assurance of controls being met (customer, certification, regulation)
* Effective management of control evidence, meeting business and customer obligations
* Providing recommendations for improvements, and ensuring all risks/issues are effectively recorded
* Maintain a comprehensive list of control requirements such as the Statement of Applicability, working in collaboration with control owners to ensure all controls are understood and operating
* Assist the Head of Governance, Risk and Compliance with overseeing and enhancing the Compliance Framework.
* Support the Head of GRC on responding to customer queries and questionnaires in relation to controls
* Help promote a compliance culture
Key Skills, Experience and Qualifications
* Knowledge of industry frameworks. Essential: ISO27001, Data Protection. Desirable: ISO9001, OWASP, NIST, ITIL/ISO20000
* Experience of working with security, privacy and compliance control requirements
* Strong analytical and problem-solving skills to assess compliance through regular monitoring enabling the identification of weakness/risk
* Support Head of GRC with the planning, scheduling, and management of issues related to audit, compliance, and risks
* Strong attention to detail and ability to review policies and processes and identify compliance obligations
* Knowledge of record management and data handling principles
* Ability to build relationships at all levels and collaborate with cross-functional teams
* Excellent verbal and written communication skills to effectively convey compliance issues and areas of risk
* Experience working with technical teams; for example, IT, Development/Engineering, Security
* Relevant qualifications such as ISO27001 Lead Auditor/Implementer, or demonstrable experience
* Support Head of GRC with internal and external audit requirements
* Ability to build relationships at all levels within the business where required and collaborate with technical teams across infrastructure and application delivery.
* Demonstrate a desire to learn and develop yourself.
* Proactive and always looking at ways to improve things, with the confidence to make suggestions.
* A keen eye for detail and the ability to explain compliance requirements, benefits and risks to all levels.
* Ability to travel overseas, where required.
What you get from us:
If you're looking to build an exceptional career with an award-winning company you’ve come to the right place. We believe everyone at Causeway has a vital role to play in our success. Causeway is fuelled by curiosity and is a place for people who beam with positivity and burn with ambition.
Our team is everything, so we’ll take good care of you. In fact, we give well-being the same priority as our other business goals. We’re strong advocates of work-life balance, offering hybrid working alongside the opportunity to work from modern, collaborative offices.
Benefits
As a leader in employee engagement and people management, there are fantastic benefits and rewards at Causeway. We strive, year on year, to achieve recognition as an award-winning workplace that our employees love. We’ve selected just a few of the many benefits available below to show you how we take care of our Causeway stars.
* 25 days annual leave + public holidays, increasing with length of service.
* 4% matched pension.
* Income protection and life assurance.
* Access to our award-winning benefits platform.
* We take mental health seriously and have a dedicated EAP available 24/7.
* £100 allowance towards a fitness club.
* Dell discounts.
* Private Medical Insurance.
* Paid study leave + volunteering days.
* Car Scheme.
Like all responsible companies Causeway is aware of the need to recognise the importance of protecting our environment and addressing the climate emergency. Causeway is a carbon neutral company and we offset our calculated carbon footprint. However, we recognise that offsetting is not a permanent solution, so we set environmental objectives to reduce our footprint year-on-year.