Information Security Compliance Manager

IT – Information Technology Southampton, United Kingdom


Main duties include:

  • Lead the operation of related compliance monitoring and improvement activities to ensure compliance with both internal security policies/procedures and applicable laws and regulations
  • Create and maintain security policies and standards supporting regulatory requirements, frameworks and best practices
  • Produce security metrics and support KPI and KRI (key risk indicator) reporting activity
  • Facilitate security and compliance audits
  • Coordinate audit responses, ensuring adequate and realistic responses to findings
  • Lead information security risk management and assessment activities
  • Assist in responding to RFPs and RFIs and meet with customers to discuss security topics as necessary


Experience and skills needed

  • 5+ years of experience in risk, audit or other control-function areas
  • Technical writing and good written English; ability to write policies and standards in a clear manner that can be understood by non-technical people
  • Adept at creating reports and presentations that simplify complex themes into understandable communications
  • Strong analytical and problem-solving skills and the ability to think outside the box; adaptable to change and able to self-manage your workload in a fast-paced environment
  • Methodical and self-organised, with the ability to go into and follow up on the details
  • Ability to understand and interpret regulations and regulatory guidance and apply them in a practical manner in an operational environment
  • Understanding of the regulatory requirements as applicable to cloud technologies
  • Understanding of cloud control frameworks, their operation and limitations
  • Strong understanding of information security controls and ISMS standards such as ISO 27001/2, COBIT, CRISC etc.
  • In-depth knowledge of, and hands-on experience with, ISO 27001 ISMS management and administration
  • In-depth knowledge of ISO 27001 Annex A controls
  • In-depth knowledge of GDPR and national data protection laws
  • Experience with SOC 2 compliance standards
  • Demonstrable knowledge of cyber threat mitigation, information security and risk management
  • Appropriate technical knowledge and understanding of infrastructure services (server, network, telephony, cloud, etc.)


Certification Requirements

  • Preferably, one or more (or working toward one or more) of the following: CIPP, CIPT, CIPM, CISSP, CRISC, CISA


NICE is committed to providing an environment based on equal opportunity for all qualified applicants and employees. It is the policy of NICE to afford equal employment opportunities to qualified individuals, regardless of age, race, color, creed, religion, citizenship, ancestry, national origin, sex, gender, pregnancy, mental or physical disability, marital status, veteran status, service in the Armed Forces, sexual or affectional orientation, atypical hereditary cellular or blood traits, genetic information, status as a victim of domestic or sexual violence, and/or any other status protected by any applicable federal, state and/or local statute or regulation.