
Search by job, company or skills

Role Purpose
The Compliance Manager is responsible for owning and continuously improving the client's compliance, audit, and governance framework. This role ensures sustained readiness for ISO 27001 certification and surveillance audits, as well as SOC 2 (Type 1 and Type 2) audit execution and reporting.
The role provides clear assurance to leadership, customers, and external auditors by maintaining a robust Information Security Management System (ISMS), strong policy governance, disciplined audit execution, and measurable risk management across the client's regional operations.
Key Responsibilities
1. ISMS & ISO 27001 Management
Own and maintain the client's ISMS. Ensure ongoing alignment with ISO 27001 control requirements. Plan, coordinate, and drive ISO 27001 certification and surveillance audits. Track control effectiveness and remediation actions to closure.
2. SOC 2 Compliance & Audit Delivery
Own the SOC 2 compliance programme, including scope definition against Trust Services Criteria. Coordinate SOC 2 Type 1 and Type 2 audits with external auditors and internal stakeholders. Maintain audit evidence repositories and ensure traceability of controls to evidence. Prepare management reports and customer-facing assurance materials as required.
3. Audit & Assurance Management
Plan and coordinate internal and external audits across IT and security domains. Track audit findings, corrective actions, and remediation timelines. Ensure timely closure of audit issues and accurate status reporting to leadership.
4. Policy, Standards & Governance
Develop, maintain, and periodically review IT, security, and compliance policies. Ensure policies are approved, communicated, and adopted across regions and teams. Maintain alignment between policies, standards, and operational practices.
5. Regulatory & Data Protection Compliance
Ensure compliance with applicable regulatory requirements, including PDPA and relevant regional regulations. Monitor regulatory changes and assess impact to the client's controls and processes. Partner with Legal, HR, and IT teams on data protection and privacy matters.
6. Risk Management & Reporting
Maintain and govern the IT and security risk register. Facilitate periodic risk assessments and control self‑assessments. Provide clear, concise risk and compliance reporting to IT leadership and stakeholders.
7. Third‑Party Compliance Governance
Define and manage the vendor compliance and assurance framework. Track vendor compliance obligations and supporting evidence. Coordinate remediation actions with vendors where gaps are identified.
KPIs / Success Measures
Audit & Certification Outcomes
Successful ISO 27001 certification and surveillance audits with zero critical findings. SOC 2 audits completed on schedule with no major exceptions.
Governance & Control Effectiveness
Timely closure of audit findings and corrective actions. Up‑to‑date policies with 100% on‑time review compliance.
Risk & Assurance
Accurate, current risk register with measurable risk reduction over time. Positive internal and external audit feedback on governance maturity.
Qualifications & Experience
Required
· Bachelor's degree in Information Security, Risk Management, Audit, or a related field.
· 7–10 years of experience in compliance, audit, or governance roles.
· Strong hands‑on experience with ISO 27001 and SOC 2 frameworks.
· Proven experience managing audits, evidence repositories, and remediation tracking.
· Strong stakeholder management and documentation skills.
Preferred
· ISO 27001 Lead Implementer or Lead Auditor certification.
· CISM, CRISC, or similar risk and compliance certifications.
· Experience operating in multi‑country or rapidly scaling organisations.
· Exposure to cloud and SaaS‑centric environments.
Competencies
· Strong attention to detail and documentation discipline.
· Ability to translate control requirements into practical operational guidance.
· Structured, methodical, and outcome‑driven.
· Confident engaging auditors, regulators, and senior stakeholders.
· High integrity, confidentiality, and professional judgement.
Job ID: 149412607
Skills:
compliance operations , Artificial Intelligence, Business regulations, Digital tools, Regulatory monitoring, Due Diligence, Risk assessments, Project management, Research Skills, Control requirements, Reporting
Skills:
Aml, sanctions compliance, financial crime risk management, compliance automation, anti-bribery and corruption, compliance technology, surveillance enhancements, regulatory engagement, CFT, risk management solutions, Transaction Monitoring, customer due diligence
Skills:
assisting others , User Acceptance Testing (UAT), Uat, Business Process Automation, User Acceptance Testing, Data Migration, Documentation, Ai, Risk Management, Risk Mitigation, Potential Risks, Emerging Technologies, Gathered business requirements, Organizing business meetings, Budget, resolve key project issues
Skills:
SAP, Digital Tools Architecture, Broker Vendor Governance, Post-Carriage Optimization, Risk Audit Management, Cost Optimization, Regulatory Compliance
Skills:
Iso 27001, SOC2, PCI-DSS
We don’t charge any money for job offers