Job Description

Description:

Hexegic are looking for a Security & Compliance Officer to be responsible for our growing regulatory environment. We have held ISO27001, ISO9001, Cyber Essentials+ and various other UK Government compliance standards for several years and we are looking to further these with the likes of the Industry Personnel Security Accreditation (IPSA).


We have established policy and process which is agile and harmonised. As the company expands, we are looking to step change our approach with a full-time resource to manage this critical part of our business.


We are looking for an ISO27001 Lead Auditor level skillset who has worked with in both existing compliance environments but crucially has setup or developed systems against new frameworks without overburdening the organisation. The candidate should have strong analytical and problem-solving skills, excellent communication and interpersonal skills, be highly organised and able to review and write documents to a high standard. Previous experience of the UK Government security regime would be welcome.

Key responsibilities

Monitoring and Risk Assessment:


Conduct regular risk reviews with the leadership team


Identifying, analysing and mitigating risks to ensure compliance


Conducting regular compliance audits and assessments to identify potential issues


Monitoring regulatory developments and ensuring updates to the compliance policies and procedures


Policy and Procedure Development:


Own the management system, compliance policy and procedure documentation


Conduct regular review with stakeholders


Develop and implement new compliance programs as necessary


Reporting and Documentation:


Prepare and present reports on compliance findings to leadership


Conduct regular management reviews and audits with leadership


Lead regular internal audits ready for external assessments


Gather evidence of controls, policy and procedures for external audits


Security Assurance:


Undertake duties in support of the Security Controller


Conduct personnel security risk assessment in line with IPSA requirements


Complete regular supply chain and third-party security assurance


Investigation and Remediation:


Lead investigations into potential compliance breaches and recommend corrective actions


Supporting regulatory correspondence and information requests