Job description
Risk & Compliance Manager
We are working with a scaling technology start-up who over the past couple of years has built a first-class global client list and is now looking to appoint a Risk & Compliance Manager to their team. You will be their first hire in this space and will be responsible for running their compliance & information security program and its related governance activities across the organisation. You will own the operation and continuous improvement of our Governance Framework and its policies, controls, and related processes.
They will be looking for you to maintain a first-class risk compliance program while moving at start-up velocity. You will value automation and operational excellence and can leverage internal tools and resources to drive continuous improvement across business operations and real-world security. Success in this role will set you up to become a key governance, risk & compliance leader as they continue to scale.
For this role, you will have previous experience in internal risk/audit/compliance teams either as a senior member or lead, strong analytical and problem-solving skills, and great written communication skills.
You will be able to analyse compliance frameworks, applicable regulations, and supporting standards (e.g., NIST SP 800-88, ISO 22301, etc) and give advice accordingly. You will also be constantly updating your knowledge as the market evolves to make sure they are up to date with the latest governance etc
You will be able to analyse compliance frameworks, applicable regulations, and supporting standards (e.g., NIST SP 800-88, ISO 22301, etc) and give advice accordingly. You will also be constantly updating your knowledge as the market evolves to make sure they are up to date with the latest governance etc
In this position, you will:
- Facilitate all regular compliance activities such as security & compliance training, risk review meetings, policy reviews, and SIRP/BCP Plan testing
- Answer and respond to client security queries and security questionnaires
- Build internal apps on their platform to enable key processes and information management
- Analyse, manage, and advise on existing and emerging compliance obligations including SOC 2, ISO 27001, HIPAA, and GDPR
- Drive compliance through internal audits, risk assessments, and stakeholder meetings
- Lead external audits for SOC 2 and ISO 27001 including all scoping, planning, and fieldwork
- Strongly advocate their security controls and processes when engaging with clients and auditors
- You will need to have great communication skills as you will be working across the organisation with key stakeholders, as well as clients and external auditors.
Experience in working with high-growth teams or in a start-up would be beneficial but not essential. They are really looking for the right person, someone that is passionate about their field and really wants to be able to help a company shape their security and compliance and help them scale.