Security Regulatory Compliance Manager - Mobile Telecoms
Permanent
Reading – Hybrid-working - 2 days/week in office
Context:
Reporting to the Head of Information Security, the Security Regulatory Compliance Manager is integral to safeguarding the organization's assets, ensuring smooth operations, and maintaining a positive reputation with key stakeholders, regulators, and the wider industry. This role ensures compliance with security regulations such as TSA, DPA, and CSR, supporting program delivery, security teams, and managed service providers.
This role is also fundamental in ensuring The Company meets its regulatory obligations under TSA by maintaining its ISO27001 certification.
What you can expect to be doing:
* Deliver security regulatory compliance and manage associated governance and risk activities.
* Manage the overall compliance programme for TSA, CSR, and DPA regulations as well as assembling evidence for continuous compliance activities such as S135 returns.
* Balance regulatory compliance with business impact, ensuring controls are effective without hindering business operations.
* Oversee Managed Service Providers (MSPs) who manage IT and security for The Company. Ensure they meet security regulatory compliance and Company security requirements.
* Chair and manage various governance forums. Gain agreements, understand and communicate issues, and guide stakeholders to agreeable positions.
* Co-operate with other members of the security, commercial teams as well as the wider business to drive supply chain eco-system to improved compliance.
* Effectively maintain and improve the compliance platform (SureCloud), the workflow process and data, ensure this stays up to date with the evolving compliance and framework landscape.
* Liaise with shareholder compliance and risk teams.
What we are looking for:
* Strong understanding of key Information Security frameworks and industry standards/regulations (CSF 2, CAF, ISO27001, TSA).
* Experience of initiating, overseeing, and managing compliance programmes and interacting with regulators and compliance teams.
* Proven relationship management of diverse teams of retained resource and key partners to deliver compliance objectives and outcomes.
* Experience of formal regulatory and standards compliance in a technology industry (mobile telecommunications desirable but not essential).
* A background of assuring a wide range of security solutions and services such as SIEM, IDS, SOC, IAM, PAM, TVM.
* A history of bringing industry best practice into an organisation and using this to drive continuous improvement.
* Demonstrable experience of managing and developing compliance programmes
Nice to have:
* ISO27001 audit experience, cloud security and budget management experience
* Experience working in telco or related environment such as, SCADA and ICS or similar background also applicable.