Job Description

Key Responsibilities

• Support our control framework covering current ISO certifications, SOC 2 Type II, PCI DSS, and Cyber Essentials Plus, and engage in the implementation of future ones (e.g. CRA and/or NIS 2).
• Ensure ISO readiness/compliance by conducting periodic internal audits and hosting ISO registrar audits, Deloitte Information Security audits, and Cyber Essentials Plus certifications.
• Conduct independent analysis, documentation, and remediation actions for detected audit observations via the company's Non-conformance process.
  • Ensure root cause analysis is properly identified and corrective/preventative actions are put in place promptly by the respective process owners.
  • Verify implementation and effectiveness of the corrective/preventative actions.
• Act as a subject matter expert, supporting and mentoring junior team members in compliance, audit processes, and non-conformance management.
• Support the Head of GRC and process owners in developing, documenting, reviewing, and communicating company processes and procedures to incorporate best practices in Quality Management and Information Security Management.
• Manage and enhance the compliance automation platform to streamline compliance activities.
• Support the Head of GRC and Risk Owners with the risk management process.

Skills

• At least 3+ years of experience in Compliance or Internal Audit within a multinational organization.
• Strong experience in performing internal audits and leading external audits for at least one compliance framework (e.g., ISO 27001, ISO 9001, ISO 22301, SOC 2 Type II, PCI DSS).You’re not expected to have expertise in all these frameworks, and if you’re unsure, please apply.
• Deep understanding of information security concepts, internal audit, and regulatory compliance.
• Previous exposure to cloud technologies and cloud security.
• Strong document management skills, including experience with Good Documentation Practices and policy/procedure reviews.
• Excellent English communication skills, with the ability to effectively engage with stakeholders across different levels and geographical locations.
• Comfortable managing multiple projects and working across diverse compliance initiatives.
• A risk-based approach to problem-solving and decision-making.

The Interview Process

• A screening interview with the Senior Talent Partner.
• Interview with the Head of Governance Risk & Compliance and the Risk & Compliance Analyst.
• Final stage interview with the Director of Information Security and the Head of Governance Risk & Compliance.