Description:
Hexegic are looking for a Security & Compliance Officer to be responsible for our growing regulatory environment. We have held ISO27001, ISO9001, Cyber Essentials+ and various other UK Government compliance standards for several years and we are looking to further these with the likes of the Industry Personnel Security Accreditation (IPSA).
We have established policy and process which is agile and harmonised. As the company expands, we are looking to step change our approach with a full-time resource to manage this critical part of our business.
We are looking for an ISO27001 Lead Auditor level skillset who has worked with in both existing compliance environments but crucially has setup or developed systems against new frameworks without overburdening the organisation. The candidate should have strong analytical and problem-solving skills, excellent communication and interpersonal skills, be highly organised and able to review and write documents to a high standard. Previous experience of the UK Government security regime would be welcome.
Key responsibilities
Monitoring and Risk Assessment:
Conduct regular risk reviews with the leadership team
Identifying, analysing and mitigating risks to ensure compliance
Conducting regular compliance audits and assessments to identify potential issues
Monitoring regulatory developments and ensuring updates to the compliance policies and procedures
Policy and Procedure Development:
Own the management system, compliance policy and procedure documentation
Conduct regular review with stakeholders
Develop and implement new compliance programs as necessary
Reporting and Documentation:
Prepare and present reports on compliance findings to leadership
Conduct regular management reviews and audits with leadership
Lead regular internal audits ready for external assessments
Gather evidence of controls, policy and procedures for external audits
Security Assurance:
Undertake duties in support of the Security Controller
Conduct personnel security risk assessment in line with IPSA requirements
Complete regular supply chain and third-party security assurance
Investigation and Remediation:
Lead investigations into potential compliance breaches and recommend corrective actions
Supporting regulatory correspondence and information requests