December 02, 2019

Compliance Manager

Are you looking for an exciting opportunity to be a leader within a highly successful global payroll services business? Are you an innovative and experienced Compliance Manager? Are you looking to take your career to the next level by driving success through our values of Respect, Integrity, Teamwork, Accountability, Diversity and Community? Do you have a strong work ethic, global mindset and the desire to help build a great culture?

iiPay is a high-growth, innovative company based in the US, UK and Hungary, focused on delivering an outstanding customer experience and service levels. Our payroll managed service is underpinned by our market-leading global payroll management system, delivering a unique client experience and value-added services.

iiPay has a unique opportunity for a highly experienced and motivated Compliance Manager who wants to take on the responsibility of managing and improving its Information Security Management System, ISAE 3402/SOC1 processes and privacy and data protection controls.

Role overview

 

Our highly motivated and engaged team members are at the heart of our success! This role requires the successful candidate to take the lead and provide a focal point for compliance management, security and information risk matters, and to be responsible for maintaining, developing and improving information security at iiPay, including iiPay’s alignment with applicable data protection laws, money laundering regulations and internal/external information security requirements.

This position is based in Cheltenham, United Kingdom.

 

 

Key Objectives

 

The successful candidate requires experience, skills and a proven track record in the following areas:

Responsibilities:

  • To develop and maintain the information security policy and accompanying standards, procedures and guidance.
  • To develop and deliver a programme of planned security and compliance reviews and ensure any gaps are addressed.
  • Identify and assess information security risks and define appropriate mitigating controls; manage, co-ordinate and track risk reduction activities.
  • To promote security awareness by developing and implementing a security awareness training programme.
  • To investigate suspected and actual security incidents in accordance with the security incident management standard, produce reports with recommendations and ensure any remedial action is taken.
  • Coordinate the continual development of the ISO/IEC 27001:2013 information security management system (ISMS) and the annual 3rd party audit/validation processes.
  • Undertake compliance audits based on ISO 27001 and DPA/GDPR requirements.
  • Produce regular reports/compliance updates for the Information Security Focus Group and the Leadership Team as required.
  • Respond to enquiries from team members and provide security advice as required.
  • Work with internal stakeholders to develop relationships to help promote and improve compliance practices and information security and provide security advice on procurements, projects and new initiatives as required to ensure information security risks are identified and are being addressed through the project process.
  • Work with external stakeholders, information security vendors and auditors as required.
  • Provide input to the wider development of the compliance and information governance strategy and business planning process.
  • Maintain currency with emerging security trends, risks, new guidance or standards (internal and external), security enhancing technologies, legislative and regulatory requirements.
  • To develop and maintain the internal data protection framework aligned with legislative and regulatory requirements.
  • Coordinate the maintenance and continual development of the annual ISAE 3402/SOC 1 3rd party audit process.
  • Complete new customer on-boarding due diligence in line with the organisation’s anti-money laundering policies and applicable legislative and regulatory requirements.

Qualifications/Skills:

  • Educated to degree level within a relevant field or substantial work experience within a similar role at a level demonstrating graduate ability.
  • Professional security qualifications and certifications such as Certified Information Security Manager (CISM), Certified Information Security Professional (CISSP) or ISO 27001 Lead Implementer, or working towards one, will be an advantage.

Requirements:

What we are looking for in you

 

  • Sound understanding of security frameworks (e.g. ISO27001/2, NIST); data protection and regulatory compliance.
  • Appropriate level of technical knowledge.
  • Good working knowledge of security practice covering the physical and logical aspects of information products, systems integrity and confidentiality.
  • Experience in designing, implementing and managing information security and compliance initiatives.
  • Good working knowledge of information security risk analysis/management.
  • Good working knowledge of information security business continuity and disaster recovery.
  • Excellent verbal and written communication skills; ability to articulate technical knowledge to a non-technical audience; production of policy/procedure/project documentation.
  • Ability to lead and deliver change and contribute to culture change successfully.
  • Ability to influence at senior levels on matters relating to compliance, security and information risk.
  • Ability to manage time and prioritise appropriately, work under own initiative.
  • Positive attitude towards learning and development demonstrated by a record of continuing professional development.

 

What we can offer you

As well as offering you the opportunity to be innovative and ambitious, iiPay believes in offering a competitive salary, a generous benefits package, a great culture and employee engagement initiatives, not to mention our other benefits below!

  • 25 days’ vacation plus Bank Holidays
  • Company Sick Pay
  • Pension Scheme
  • Private medical cover
  • Critical Illness cover
  • Death in Service cover
  • Monthly free breakfasts
  • Daily free fruit
  • Continuous development and financial assistance for education and professional memberships
  • Great company events!

 

Please note that we do not use agencies in our recruitment and cannot accept unsolicited CVs.
