About this Role
We are seeking an experienced security assurance and compliance professional to take accountability for ensuring Vodafone Cloud & Infrastructure (VCI) adheres to all relevant cyber security regulations, statutory obligations, frameworks and internal standards. This role plays a critical part in protecting Vodafone’s infrastructure, services, data and brand by identifying compliance gaps, driving remediation, and embedding a risk-based Governance, Risk and Control (GR&C) approach across VCI. The individual will operate at senior stakeholder level, managing complex audits, regulatory expectations and cross-functional dependencies in a highly regulated, international environment.
What you’ll do
* Identify, interpret and map applicable regulatory, statutory and security requirements (including GDPR, NIS2, AI Act and country-specific regulations) relevant to VCI.
* Govern and conduct enterprise-wide risk assessments and gap analyses to assess compliance maturity and identify non-conformities.
* Design, introduce and operate a comprehensive Governance, Risk & Compliance (GR&C) framework using a risk-led methodology.
* Drive implementation and continuous improvement of security controls, processes and policies aligned to regulatory and Vodafone Group requirements.
* Establish and manage a global repository of control requirements to streamline audit evidence, reduce duplication and enable "Audit/Evidence/Compliance as a Service".
* Monitor ongoing compliance through continuous control evaluation and coordinate timely closure of identified gaps.
* Act as the primary point of contact for internal and external audits within the defined scope, including SOX and GDPR.
* Collaborate closely with Technology, Cyber Security, Finance, Legal and business teams to embed compliance into operational processes.
* Provide regular, clear reporting on compliance status, risks and remediation progress to senior leadership, including Group Technology leadership forums.
Who you are
* You bring over five years’ experience in cyber security compliance, regulatory assurance, risk assessments and audits.
* You have strong working knowledge of ISO 27001, NIST, GDPR and emerging EU regulations such as the Cyber Resilience Act and Post-Quantum Cryptography considerations.
* You have hands-on experience designing and operating GR&C methodologies and using compliance and risk management tools.
* You are confident developing policies, procedures and control frameworks, and coordinating across diverse international stakeholders.
* You communicate complex technical and regulatory topics clearly to both technical and non-technical audiences.
* You demonstrate analytical thinking, sound judgement and adaptability in the face of evolving regulatory and threat landscapes.
Not a perfect fit?
Concerned you may not meet every requirement? Vodafone is committed to creating an inclusive workplace where everyone can thrive. If you are excited about this role but your experience does not align exactly with every aspect of the job description, you are encouraged to apply. You may be the right candidate for this or another opportunity, and the recruitment team will support you in exploring where your skills fit best.
What's in it for you
* The opportunity to influence security and compliance strategy across a critical global technology function.
* Exposure to senior leadership and participation in high-impact regulatory and transformation initiatives.
* A collaborative, international working environment with strong cross-functional engagement.
* The ability to shape a future-focused, risk-led compliance model within Vodafone’s technology landscape.
What skills you will learn
* Advanced application of risk-based compliance and assurance methodologies at scale.
* Building and operating integrated audit and evidence management models.
* Navigating emerging EU and global cyber regulations within a complex enterprise.
* Strengthening stakeholder engagement and executive-level reporting in regulated environments.
VOIS Equal Opportunity Employer Commitment
Vodafone recognises and celebrates the value of diversity in building a workforce that reflects the customers and communities it serves. No form of discrimination is tolerated. This includes, but is not limited to, discrimination based on race, colour, age, veteran status, gender identity, gender expression, sexual orientation, pregnancy, maternity or parental status, ethnicity, disability, religion or belief, political affiliation, trade union membership, nationality, citizenship, indigenous status, medical condition, HIV status, neurodiversity, social origin, cultural background, marital or civil partnership status, or socio-economic background.
#J-18808-Ljbffr