The Job:
We are delighted to be assisting our client with their newly created role for a Head of Compliance. This is an exciting time to join a growing and forward-thinking organization in Bristol. The role involves leading their information security compliance efforts, specifically in line with ISO/IEC 27001, ISO/IEC 42001, and Cyber Essentials PLUS standards. Responsibilities include maintaining, auditing, and improving their Information Security Management System (ISMS), overseeing compliance initiatives, coordinating with internal teams, and ensuring audit readiness.
You will also implement (alongside technical and sales teams) a Compliance as a Service (CaaS) to assist clients with Pre Audits, Gap Analysis, Training, and maintaining ISO Certifications.
Key Responsibilities
* Build and lead a new team to deliver CaaS and support services.
* Develop, implement, and maintain the ISMS aligned with ISO/IEC 27001 and Cyber Essentials PLUS.
* Lead internal audits, gap assessments, and risk assessments for ISO 27001 and Cyber Essentials PLUS.
* Manage external audits and certifications, liaising with third-party auditors.
* Maintain documentation such as the Statement of Applicability (SoA) and Risk Treatment Plans.
* Identify compliance gaps and lead remediation activities.
* Oversee incident management, business continuity, and data protection within the ISMS.
* Stay updated on changes to relevant standards and cybersecurity threats.
* Develop and deliver security and compliance training across the organization.
* Collaborate with IT, Legal, HR, and other departments to implement controls.
* Document controls, risk actions, and evidence for certification.
The Person:
Ideal candidates will have in-depth knowledge of ISO/IEC 27001, possibly as a Lead Auditor, Compliance Officer, or someone who has led ISO 27001 implementation. Key experience includes:
* ISO/IEC 27001 Lead Auditor or Lead Implementer certification.
* Familiarity with GDPR, NIS2, ISO/IEC 42001, and other data protection/security regulations.
* Experience with GRC platforms or compliance automation tools.
* Hands-on assessment or audit experience with Cyber Essentials PLUS.
* Certifications such as CISSP, CISM, or CISA are advantageous.
Location:
Bristol (hybrid working)
Hours:
Monday to Friday, 9am–5.30pm
Salary:
£40,000–£55,000
Nice-to-have skills:
* CISSP
Work experience:
* Cyber Security Specialist
* Security Analyst
* Security Architect
Languages:
* English
Seniority level:
Director
Employment type:
Full-time
Job function:
Legal
Industries:
Technology, Information and Internet