Information Security Compliance Officer

Company: Guavapay Limited
Location: London
Job Description:

Required Qualifications & Certifications:

Education

  • Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • A master’s degree in information security, Risk Management, or Compliance is a plus.

Certifications (Highly Valued)

  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • ISO 27001 Lead Auditor / Implementer
  • CRISC (Certified in Risk and Information Systems Control)
  • GDPR Certification (e.g., IAPP CIPP/E, CIPM for data protection compliance)

Experience Requirements:

  • 3–5+ years of experience in Information Security, Compliance, or IT Risk Management.
  • Experience with regulatory frameworks in the UK & EU:
    • GDPR (General Data Protection Regulation)
    • ISO 27001 (Information Security Management Systems)
    • Cyber Essentials Plus (UK government-backed security framework)
    • DORA (Digital Operational Resilience Act) – EU financial sector
    • PCI-DSS (if handling payment data)
  • Experience in:
    • Managing vendor risk assessments for third-party compliance.
    • Handling incident response & reporting (e.g., Data Breach Notifications under GDPR).

Key Skills & Technical Knowledge:

  • Deep understanding of data protection laws (UK GDPR, EU GDPR, DPA 2018).
  • Familiarity with risk management frameworks like NIST CSF, CIS Controls, and ISO 27005.
  • Experience with cyber security tools (e.g., SIEM, Malware Protection, Firewalls and others) is a plus.
  • Strong reporting and communication skills—ability to brief executives and regulators.
  • Ability to design, implement, and enforce security policies.

Key Responsibilities:

  • Ensure compliance with GDPR, Cyber Essentials Plus, PCI-DSS, and other applicable standards.
  • Align ISMS activities with ISO 27001 framework.
  • Develop and implement security policies, controls, and procedures.
  • Conduct security risk assessments & compliance audits.
  • Manage incident response & data breach reporting (ICO & EU authorities).
  • Liaise with regulators, legal teams, and third-party auditors.
  • Deliver security awareness training across the organisation.

Other Considerations:

  • Industry Expertise: In-depth knowledge of DORA, EBA ICT Guidelines, and Basel III.
  • Communication Skills: Proactive and effective communicator, capable of collaborating with diverse teams and stakeholders.
  • Continuous Development: Strong ability and desire to learn, adapt, and enhance personal and professional skills.

Posted: April 21st, 2025