Who Are We: Comply is the leading provider of compliance SaaS and consulting services for the global financial services sector. With more than 5,000 clients and hundreds of employees across the globe, Comply empowers Chief Compliance Officers and their teams to proactively manage regulatory obligations, mitigate risk, and scale with efficiency and confidence. Comply serves thousands of global financial services clients including broker-dealers, insurers, investment banks, private funds, RIAs, and wealth managers who rely on Comply offerings to power their compliance programs. To learn more about Comply, visit comply.com The Role: Primary responsibilities of this role include responding to due diligence questionnaires, conducting policy reviews, and ensuring adherence to ISO 27001 and SOC2 security compliance controls. Responsibilities Excellent communication skills in the English language. Primary in responding to due diligence questionnaires from clients, partners, and regulatory bodies. Conduct thorough reviews of existing security policies and procedures. Ensure alignment with ISO 27001 and SOC2 security controls. Assist in the development and implementation of new security policies, procedures, and supporting artifacts. Monitor and report on compliance status and progress; Engage cross-organizationally to collect supporting artifacts and implement new controls. Collaborate with internal teams to address compliance-related issues and gaps. Conduct internal and external audits related to security compliance, access reviews, firewall audits, and other required processes. Experience using security tools such as EDR and SIEM to accomplish automating compliance activities. Stay updated on the latest compliance requirements and industry best practices. Provide training and support to staff on compliance-related matters via security newsletters, yearly security awareness training, and phishing exercises. Skills and Qualifications Bachelor's degree in Information Security, Computer Science, or related field. 3-5 years of experience in a security compliance, GRC, or related information security role. Strong understanding of ISO 27001 and SOC2 compliance frameworks, as well as NIST defined standards. Excellent written and verbal communication skills, via email and on calls. Detail-oriented with strong analytical and problem-solving abilities. Ability to work independently and as part of a team. Experience using Jira, Confluence, and SharePoint for collaboration. At least one relevant certification (e.g., CISA, CASP, CISM, ISO 27001 Lead Auditor). To learn more about our values, mission and the wide-range of perks offered to employees at Comply, visit https://www.comply.com/careers/. Comply is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, disability, sex, sexual orientation, gender identity, or national origin. Nothing in this job posting should be construed as an offer or guarantee of employment. Applicants must be authorized to work for any employer in the United Kingdom. Currently, we are unable to sponsor or take over sponsorship of an employment Visa at this time. Comply is aware of scammers posing as Comply employees and extending job offers via direct messaging, texts and social media platforms. These are fraudulent and should be treated as such. To learn more about this, please review our Statement of Fraudulent Job Offers. We may use artificial intelligence (AI) tools to support parts of the hiring process, such as reviewing applications, analyzing resumes, or assessing responses. These tools assist our recruitment team but do not replace human judgment. Final hiring decisions are ultimately made by humans. If you would like more information about how your data is processed, please contact us.