Constructortech

Security Compliance Manager

Sofia, Bulgaria | Full Time

Our mission

Constructor’s mission is to enable all educational organisations to provide high-quality digital education to 10x people with 10x efficiency.

With strong expertise in machine intelligence and data science, Constructor’s all-in-one platform for education and research addresses today’s pressing educational challenges: access inequality, tech clutter, and low engagement of students.

Please send your resume in English only.

As Security Compliance Manager, you will own and drive our information security compliance programmes, keeping us audit-ready and enabling commercial growth through a credible, well-maintained security posture.

Key Responsibilities

  • Lead ISO 27001 certification and surveillance audits end-to-end: scope definition, gap analysis, control implementation, internal audits, and external audit coordination.
  • Own the SOC 2 Type II programme, including readiness assessments, evidence collection, and auditor liaison.
  • Maintain and continuously improve the ISMS: policy library, control frameworks, risk register, and treatment plans.
  • Facilitate periodic and event-driven risk assessments using a scenario-based approach; track remediation to closure.
  • Author, review, and update security policies and standards in line with framework requirements and operational reality.
  • Coordinate with engineering, infrastructure, and product teams to translate compliance requirements into implementable controls.
  • Monitor and interpret regulatory developments across relevant jurisdictions: GDPR, NIS2, Switzerland's revDSG, Saudi PDPL, LGPD (Brazil), FERPA, and emerging education-sector requirements. Assess impact of regulatory changes on the compliance programme and advise the CISO on required adjustments.
  • Maintain records of processing activities (RoPA) and support data protection impact assessments (DPIAs) in coordination with the DPO where applicable.
  • Respond to customer security questionnaires and vendor assessments accurately and efficiently, maintaining a reusable response library.
  • Serve as the compliance point of contact for customers, partners, and prospective clients on security and privacy matters.
  • Conduct and maintain vendor risk assessments for critical and high-risk suppliers. Ensure third-party agreements include appropriate data processing and security obligations.

Professional Qualifications

  • 3–5 years in information security compliance, GRC, or a closely related role.
  • Demonstrated hands-on experience with ISO 27001 (implementation or certification, not just advisory) and SOC 2.
  • Familiarity with GDPR and at least one additional privacy regulation; exposure to FERPA or education-sector compliance is a strong advantage.
  • Technical background sufficient to engage credibly with engineering and DevOps teams: understanding fundamentals of cloud infrastructure, SaaS architecture, access control models, and software development practices.
  • Strong written communication in English; ability to produce clear policy documents, audit evidence, and customer-facing compliance materials.
  • Experience managing or responding to enterprise B2B security questionnaires (CAIQ, SIG, bespoke formats).
  • Ability to manage multiple concurrent workstreams with competing deadlines without direct team support.
  • Professional certification: ISO 27001 Lead Implementer or Lead Auditor is a strong advantage.
  • German, Turkish, or Arabic language skills.

What We Offer

  • 💻 Choice of work equipment (e.g., laptop, monitor, etc.)
  • 🇬🇧 English classes (iTalki – $130 monthly)
  • ⏰ Flexible schedule (we usually work between 09:00/10:00 and 18:00/19:00 CET or EET)
  • 👶 Newborn bonus (€500 per child)
  • 🧠 Patent remuneration
  • 🌴 Paid leave
  • 🧑‍💻 Remote work in locations without our offices
  • Hybrid work in locations with offices (2 days in-office, 3 days remote)

Constructor fosters equal opportunity for people of all backgrounds and identities. We are led by a gender-balanced board committed to building a diverse and inclusive organisation where everyone can become their best self. We do not discriminate based on age, disability, gender identity, sexual orientation, ethnicity, race, religion or belief, parental and family status, or other protected characteristics. We welcome applications from women, men and non-binary candidates of all ethnicities and socio-economic backgrounds. We encourage people belonging to underrepresented groups to apply.