Security Compliance Officer

Job summary

The role involves ensuring adherence to data privacy, security, and regulatory compliance standards, particularly in managing sensitive patient information. The Security Compliance Officer will oversee compliance with frameworks such as ISO 27001, SOC 2, and Cyber Essentials, playing a vital role in implementing and refining compliance strategies.

Qualifications

• Strong understanding of security and data protection laws, regulations, and standards.
• Proven impact in risk reduction and safeguarding sensitive data.
• Familiarity with modern engineering environments, CI/CD, Infrastructure as Code, and cloud platforms like Azure.
• Effective communication skills tailored to various audiences.
• Strong project management discipline.

Responsibilities

• Maintain the security governance model across relevant frameworks, including control inventory and ownership mapping.
• Develop policies, playbooks, and checklists based on frameworks and customer requirements.
• Manage internal and external security audits, addressing non-compliance issues and communicating findings.
• Utilize compliance automation tools and monitor compliance indicators.
• Maintain a live security risk register and partner with engineering teams to ensure compliance in technical processes.
• Act as a trusted advisor on security practices and provide insights to stakeholders.

Skills

• Proactive approach to compliance program development.
• Experience with compliance tooling and a willingness to explore new automation tools.
• Ability to partner effectively with external auditors and communicate findings clearly.

Education

• Bachelor’s degree in Computer Science/Information Technology or equivalent experience in security compliance or information security.