Valsoft Corporation is looking to hire a Portfolio Security and Compliance Manager to provide support across a growing portfolio in Europe!
We are seeking a proactive and experienced Compliance and Security Manager to join our Portfolio team at Valsoft Corporation, a leading investor in Vertical Market Software companies. The successful candidate will be responsible for ensuring that the portfolio companies are protected against cybersecurity risks and remain compliant with key standards and regulations such as ISO 27001, ISO 9001, GDPR, and other local regulations. This position is critical in safeguarding our infrastructure, services, and customer data.
This role is offered on a part-time basis at 2-2.5 days per week (or similar).
Requirements
Key Responsibilities:
Cybersecurity Management:
1. Implement and monitor comprehensive cybersecurity strategies in collaboration with the Valsoft Security team to protect against emerging threats.
2. Provide direction and oversight to ensure portfolio companies conduct risk assessments, identify and manage vulnerabilities effectively and efficiently, and perform annual penetration tests. Lead these efforts for smaller portfolio companies where security and compliance resources are lacking.
3. Work closely with IT and development teams to ensure secure coding practices, system configurations, and continuous monitoring.
4. Provide oversight and support to ensure portfolio companies have documented incident response, business continuity, and disaster recovery plans and procedures that reflect best practices.
5. Maintain and update cybersecurity policies and procedures for our portfolio companies, ensuring compliance with industry best practices and corporate security requirements.
6. Escalate and report any areas of concern identified to the Portfolio Management Team with a plan of action.
7. Ensure employee onboarding and offboarding procedures align with best practices.
Compliance Oversight:
1. Provide direction and oversight to portfolio companies to ensure they meet applicable compliance obligations such as ISO 27001, ISO 9001, and GDPR.
2. Serve as the lead resource and primary liaison for smaller portfolio companies during external audit engagements. This includes working on compliance-related deliverables (documentation, gathering of evidence, etc.) as well as leading meetings with external auditors.
3. Develop, implement, and manage data protection programs, ensuring all data privacy practices comply with GDPR and other applicable laws.
4. Advise leadership and staff on any relevant changes in legislation, standards, and compliance requirements and support policy updates as needed.
5. Act as Data Protection Officer and main point of contact with the ICO.
6. Liaise with customers regarding their data protection needs.
7. Provide advice and direction across the organisation in understanding the risks relating to non-conformance to regulations.
8. Promote a culture of robust regulatory compliance and continuous improvement.
9. Document management, including ensuring all documents, policies, procedures, guidance, and checklists are tracked, reviewed, up to date, and stored correctly.
Training and Awareness:
1. Promote data protection awareness and understanding across the portfolio and ensure full employee participation in Valsoft's Security Awareness Training program.
2. Foster a culture of cybersecurity awareness and data protection within the organization.
3. Communicate compliance requirements and risk management strategies to all levels of the organization.
Risk Management:
1. Identify, evaluate, and mitigate risks related to information security and regulatory compliance.
2. Maintain a risk register and regularly report to senior leadership on the company's risk posture.
3. Collaborate with relevant teams to mitigate risks and ensure the continuity of business operations.
About you:
1. You have worked in a similar role with a record of driving compliance for the business, ideally leading the function or department or working closely with the senior management team.
2. You have strong communication and documentation skills, are proactive in your approach, and can perform your core responsibilities while contributing to organisational and cultural awareness and change.
3. You can lead all compliance-related initiatives and understand the commercial implications of regulatory changes for our portfolio companies and their clients.
Qualifications:
1. Bachelor's degree in Information Security, Compliance, Computer Science, or a related field.
2. At least 5 years' experience of working with Senior Leaders to deliver change or results.
3. Professional certifications such as ISO 27001 Lead Auditor, CISM, CISSP, or equivalent are highly desirable.
4. Proven experience in compliance, cybersecurity, and risk management, preferably in the software and services sector.
Key Skills:
1. Cybersecurity strategy and implementation
2. ISO 27001, ISO 9001, and GDPR compliance management
3. Risk assessment and mitigation
4. Strong analytical and problem-solving skills
5. Audit & InfoSec documentation development
6. Strong communication skills to inspire and educate others
Benefits
Private Medical Cover: The Company offers private medical cover through Aviva, for which you will be eligible to enroll upon successful completion of your probationary period. The private medical cover is reviewed annually, and the Company reserves the right to change coverage with written notice. All benefits will be outlined to you at the time of enrollment.
Life Assurance: The Company offers life assurance cover to the amount of 4x base salary, for which you will be eligible to enroll upon successful completion of your probationary period. The life assurance cover is reviewed annually, and the Company reserves the right to change coverage with written notice. All benefits will be outlined to you at the time of enrollment.