Information Security Compliance Officer

London

Guavapay Limited

Required Qualifications & Certifications:
Education:
  • Bachelor's degree in Cybersecurity, Information Technology, Computer Science, or a related field.
  • A master's degree in Information Security, Risk Management, or Compliance is a plus.
Certifications (Highly Valued):
  • CISSP (Certified Information Systems Security Professional)
  • CISM (Certified Information Security Manager)
  • CISA (Certified Information Systems Auditor)
  • ISO 27001 Lead Auditor / Implementer
  • CRISC (Certified in Risk and Information Systems Control)
  • GDPR Certification (e.g., IAPP CIPP/E, CIPM for data protection compliance)
Experience Requirements:
  • 3-5+ years of experience in Information Security, Compliance, or IT Risk Management.
  • Experience with regulatory frameworks in the UK & EU:
    • GDPR (General Data Protection Regulation)
    • ISO 27001 (Information Security Management Systems)
    • Cyber Essentials Plus (UK government-backed security framework)
    • DORA (Digital Operational Resilience Act) - EU financial sector
    • PCI-DSS (if handling payment data)
  • Experience in:
    • Managing vendor risk assessments for third-party compliance.
    • Handling incident response & reporting (e.g., Data Breach Notifications under GDPR).
Key Skills & Technical Knowledge:
  • Deep understanding of data protection laws (UK GDPR, EU GDPR, DPA 2018).
  • Familiarity with risk management frameworks like NIST CSF, CIS Controls, and ISO 27005.
  • Experience with cyber security tools (e.g., SIEM, Malware Protection, Firewalls and others) is a plus.
  • Strong reporting and communication skills, including the ability to brief executives and regulators.
  • Ability to design, implement, and enforce security policies.
Key Responsibilities:
  • Ensure compliance with GDPR, Cyber Essentials Plus, PCI-DSS, and other applicable standards.
  • Align ISMS activities with ISO 27001 framework.
  • Develop and implement security policies, controls, and procedures.
  • Conduct security risk assessments & compliance audits.
  • Manage incident response & data breach reporting (ICO & EU authorities).
  • Liaise with regulators, legal teams, and third-party auditors.
  • Deliver security awareness training across the organisation.
Other Considerations:
  • Industry Expertise: In-depth knowledge of DORA, EBA ICT Guidelines, and Basel III.
  • Communication Skills: Proactive and effective communicator, capable of collaborating with diverse teams and stakeholders.
  • Continuous Development: Strong ability and desire to learn, adapt, and enhance personal and professional skills.
Date Posted: 06 May 2025