Information Security Compliance Officer
Guavapay
London City, London, United Kingdom
About the job

Job description

Information Security Compliance Officer

Required Qualifications & Certifications:
Education
• Bachelor’s degree in Cybersecurity, Information Technology, Computer Science, or a related field.
• A master’s degree in Information Security, Risk Management, or Compliance is a plus.
Certifications (Highly Valued)
• CISSP (Certified Information Systems Security Professional)
• CISM (Certified Information Security Manager)
• CISA (Certified Information Systems Auditor)
• ISO 27001 Lead Auditor / Implementer
• CRISC (Certified in Risk and Information Systems Control)
• GDPR Certification (e.g., IAPP CIPP/E, CIPM for data protection compliance)
Experience Requirements:
• 3–5+ years of experience in Information Security, Compliance, or IT Risk Management.
• Experience with regulatory frameworks in the UK & EU:
  - GDPR (General Data Protection Regulation)
  - ISO 27001 (Information Security Management Systems)
  - Cyber Essentials Plus (UK government-backed security framework)
  - DORA (Digital Operational Resilience Act) – EU financial sector
  - PCI-DSS (if handling payment data)
• Experience in:
  - Managing vendor risk assessments for third-party compliance.
  - Handling incident response & reporting (e.g., Data Breach Notifications under GDPR).

Key Skills & Technical Knowledge:
• Deep understanding of data protection laws (UK GDPR, EU GDPR, DPA 2018).
• Familiarity with risk management frameworks such as NIST CSF, CIS Controls, and ISO 27005.
• Experience with cyber security tools (e.g., SIEM, malware protection, firewalls and others) is a plus.
• Strong reporting and communication skills: ability to brief executives and regulators.
• Ability to design, implement, and enforce security policies.
Key Responsibilities:
• Ensure compliance with GDPR, Cyber Essentials Plus, PCI-DSS, and other applicable standards.
• Align ISMS activities with ISO 27001 framework.
• Develop and implement security policies, controls, and procedures.
• Conduct security risk assessments & compliance audits.
• Manage incident response & data breach reporting (ICO & EU authorities).
• Liaise with regulators, legal teams, and third-party auditors.
• Deliver security awareness training across the organisation.
Other Considerations:
• Industry Expertise: In-depth knowledge of DORA, EBA ICT Guidelines, and Basel III.
• Communication Skills: Proactive and effective communicator, capable of collaborating with diverse teams and stakeholders.
• Continuous Development: Strong ability and desire to learn, adapt, and enhance personal and professional skills.

Skills
CSS
Problem-solving and analytical
Written and Verbal
Security architecture analysis
SEO
Financial Analysis
Network Security
Firewall Configuration
Confidentiality & HIPAA Compliance
GBP 36000 - 60000 / Per Year
Avg. Salary
Job Type
Full Time
Experience Level
Senior-level
Industry
Finance
Posted Date
15 May, 2025