Vacancy Name
Information Security Compliance Manager
Vacancy No
VN3475
Employment Type
Full Time
Work Place
Location City
Andover
Location Country
United Kingdom
Role Pitch
CloudPay is looking for a highly motivated Information Security Compliance Manager to support the rapid expansion of the company. The Information Security Compliance Manager will ensure that our payroll and payment products and services comply with industry regulations, security standards, and internal policies. Working closely with technology, legal, and operational teams, the successful candidate will drive security initiatives, conduct risk assessments, and manage internal and external audits to uphold a strong security and compliance posture.
Key Responsibilities
Daily Duties and Main Responsibilities will include:
1. Policy and Process Development
Develop and enforce policies that comply with regulations and standards such as GDPR, ISO27001, SOC2, and NIST. Continuously monitor evolving regulations and standards to assess relevant impacts to the security framework at CloudPay. Work closely with stakeholders to advise on the appropriate implementation of security policies to protect customer data. Ensure that policies are communicated to all employees.
2. Audit and Security Assessments
Prepare for and support external audits related to information security such as ISO27001, ISO22301 and SOC. Support the vendor assurance team with the interpretation and review of security elements of compliance assessment responses. Work closely with stakeholders on information security questionnaires from prospects and existing customers.
3. Security Risk Assessment Management
Conduct security risk assessments on new products or enhancements to existing products, working with stakeholders to advise on risks and potential mitigation strategies. Work with product and development teams to ensure security controls are embedded into new products and enhancements. Act as subject matter expert to advise stakeholders on the security impacts of new products, services and partnerships.
4. Incident Response and Reporting
Work closely with the technology teams on security incidents to ensure compliance with Incident Response Plans. Support relevant teams with communications and root cause analysis. Monitor and ensure that actions arising from security incidents are logged and managed through to completion.
5. Continuous Improvement and Monitoring
Monitor the effectiveness of security controls through periodic assessments and identify areas for improvement. Ensure that nonconformities are appropriately captured and managed through to completion.
Description
Attributes and Experience Required:
1. Proficiency in creating and maintaining information security policies and procedures to a high-quality standard
2. Strong, practical knowledge and experience with ISO27001 and SOC frameworks, including implementation and compliance analysis
3. Comprehensive knowledge of common information security technologies, tools, and best practices (e.g. Microsoft Azure, Vulnerability Management, Incident Management, Risk Analysis, Security Awareness and Training)
4. Experience in conducting risk assessment and implementation of security controls
5. Exceptional attention to detail
6. Ability to use initiative to solve problems
7. Ability to work autonomously when required
Preferred
CISSP, CISM, CRISC, CISA, PCI-DSS certification, or other relevant certifications preferred. Experience working in a global technology company. Experience of working in financial services.
Benefits
Package and Benefits:
1. Competitive annual salary
2. 25 days annual leave, plus bank holidays
3. Flexible remote working
4. Birthday leave
5. Flexible pension contribution
6. Life assurance x4
7. Private medical insurance
8. Earned Wage Access (via CloudPay Now app)
9. Personal and professional development opportunities
10. Friendly working environment
CloudPay is committed to being an equal opportunities employer.