CloudPay is looking for a highly motivated Information Security Compliance Manager to support the company’s rapid expansion.
The Information Security Compliance Manager will ensure that our payroll and payment products and services comply with industry regulations, security standards, and internal policies.
Working closely with technology, legal, and operational teams, the successful candidate will drive security initiatives, conduct risk assessments, and manage internal and external audits to uphold a strong security and compliance posture.
Daily Duties and Main Responsibilities will include:
1. Policy and Process Development
• Develop and enforce policies that comply with regulations and standards such as GDPR, ISO27001, SOC2, and NIST.
• Continuously monitor evolving regulations and standards to assess relevant impacts on the security framework at CloudPay.
• Work closely with stakeholders to advise on the appropriate implementation of security policies to protect customer data.
• Ensure that policies are communicated to all employees.
2. Audit and Security Assessments
• Prepare for and support external audits related to information security such as ISO27001, ISO22301 and SOC.
• Support the vendor assurance team with the interpretation and review of security elements of compliance assessment responses.
• Work closely with stakeholders on information security questionnaires from prospects and existing customers.
3. Security Risk Assessment Management
• Conduct security risk assessments on new products or enhancements to existing products, working with stakeholders to advise on risks and potential mitigation strategies.
• Work with product and development teams to ensure security controls are embedded into new products and enhancements.
• Act as subject matter expert to advise stakeholders on the security impacts of new products, services and partnerships.
4. Incident Response and Reporting
• Work closely with the technology teams on security incidents to ensure compliance with Incident Response Plans.
• Support relevant teams with communications and root cause analysis.
• Monitor and ensure that actions arising from security incidents are logged and managed through to completion.
5. Continuous Improvement and Monitoring
• Monitor the effectiveness of security controls through periodic assessments and identify areas for improvement.
• Ensure that nonconformities are appropriately captured and managed through to completion.
Attributes and Experience Required:
1. Proficiency in creating and maintaining information security policies and procedures to a high-quality standard.
2. Strong, practical knowledge and experience with ISO27001 and SOC frameworks, including implementation and compliance analysis.
3. Comprehensive knowledge of common information security technologies, tools, and best practices (e.g. Microsoft Azure, Vulnerability Management, Incident Management, Risk Analysis, Security Awareness and Training).
4. Experience in conducting risk assessments and implementing security controls.
5. Exceptional attention to detail.
6. Ability to use initiative to solve problems.
7. Ability to work autonomously when required.
Preferred:
1. CISSP, CISM, CRISC, CISA, PCI-DSS certification, or other relevant certifications.
2. Experience working in a global technology company.
3. Experience working in financial services.
Package and Benefits:
1. Competitive annual salary.
2. 25 days annual leave, plus bank holidays.
3. Earned Wage Access (via CloudPay Now app).
4. Flexible working.
5. Birthday leave.
6. Flexible pension contribution.
7. Life assurance x4.
8. Private medical insurance.
9. Personal and professional development opportunities.
10. Friendly working environment.
CloudPay is committed to being an equal opportunities employer.