FabConnect HR

Security Compliance Lead


Job Description

Job purpose

The Security Compliance Lead is responsible for the ongoing operation of Fusion5's governance, risk and compliance function and supports the CISO in ensuring security controls, risk management and compliance activities are consistently embedded across the organization.

The role focuses on maintaining continuous alignment between security requirements and day-to-day business operations, ensuring that governance processes, evidence and controls remain current as the organization evolves. This position works closely with delivery, engineering, ICT, product, legal and procurement teams to support secure, compliant services across all regions.

The Security Compliance Lead also provides operational security leadership during cybersecurity incidents, acting in lieu of the CISO when required to support incident coordination, governance oversight and timely decision-making.

Operating model & working time alignment

The Security Compliance Lead operates as an embedded, operational role within Fusion5 and is required to work aligned hours with most of the business, primarily NZ and AU core working hours (3:00/4:00 AM IST login).

This alignment is required to enable:

  • Real-time collaboration with delivery, engineering, ICT, product, legal and procurement teams
  • Timely participation in security incidents, risk discussions and operational decision-making
  • Effective coordination of audits, assurance activities and remediation follow-ups
  • Responsive handling of client, vendor and regulatory security requests

Due to the nature of the role, security governance, incident response support and assurance activities cannot be effectively delivered on delayed time zones.

Key accountabilities

ISMS & ISO 27001/27701 Ownership

  • Maintain and operate the ISMS across NZ, AU and India as a continuous, year-round programme of work.
  • Own the Statement of Applicability (SoA) and ensure accurate implementation of all required controls through ongoing engagement with system and process owners.
  • Lead internal and external ISO audits, including surveillance and recertification cycles, supported by regular control reviews and evidence validation throughout the year.
  • Ensure policies, procedures and supporting evidence remain aligned to ISO 27001/27701 requirements through active collaboration with teams as services, systems and processes change.

Risk Management & Governance

  • Own the cybersecurity risk management register and conduct quarterly risk reviews supported by regular engagement with business and system owners.
  • Approve risk assessments, treatment plans, residual risk acceptance and exceptions based on current operational context and control effectiveness.
  • Maintain oversight of risk registers, treatment progress and control maturity across pillars through consistent follow-up, review meetings and status updates with accountable owners.
  • Ensure alignment with NIST CSF v2.0, AE8 and privacy compliance requirements as part of ongoing governance activities, not point-in-time assessments.

Audit Leadership

  • Lead internal audits, client audits and regulator-driven assessments as part of established governance and assurance processes.
  • Review evidence, findings and remediation plans through regular check-ins with teams to confirm accuracy, completeness and progress.
  • Govern audit logs, documentation, corrective actions and follow-up activities, ensuring issues are tracked, discussed and resolved with responsible owners.

Incident Response & Operational Support

  • Support cybersecurity incident response activities in line with the Incident Response Plan.
  • Act as the primary governance and compliance lead during incidents and as the delegate for the CISO when required.
  • Provide real-time, hands-on support to incident response managers, ICT, engineering, legal and communications teams during active incidents.
  • Ensure incident-related decisions, actions and communications align with regulatory, contractual and compliance obligations.
  • Oversee post-incident reviews, working directly with teams to ensure findings, control gaps and improvement actions are documented, owned and progressed.

Penetration Testing & Assurance

  • Manage annual penetration testing, including scoping, scheduling and vendor engagement, supported by ongoing coordination with technical teams.
  • Govern remediation outcomes with ICT, developers and system owners through regular follow-ups to confirm progress, evidence and closure.
  • Track findings, ensure timely resolution and integrate outcomes into risk management and monthly reporting.

Reporting & Metrics

  • Produce monthly security metrics for the CISO, including audit status, ISO evidence progress, risk changes, pen-test remediation, exceptions and training compliance.
  • Support SGSC and Board-level reporting through structured dashboards and summaries informed by current, validated operational inputs.

Documentation & Compliance

  • Maintain governance over policy documents, control documentation and procedures through ongoing review and engagement with content owners.
  • Ensure evidence repositories, SharePoint structures and ISMS documentation remain accurate and audit-ready through regular validation with teams throughout the year.
  • Oversee consistency of documentation across all pillars and regions by working directly with teams to establish, update and maintain artefacts.

Key behavioural competencies

Customer-centric Thinking

  • Considers customer impact in all security and compliance decisions.
  • Advocates for secure services that support customer trust and contractual obligations.
  • Balances security, compliance and delivery requirements in customer-facing contexts.
  • Communicates risk, assurance posture and compliance status in clear, customer-appropriate language.
  • Prioritises issues that affect customer data protection, service integrity and regulatory exposure.

Collaboration & Teamwork

  • Engages effectively with a wide range of stakeholders across NZ and Australia, including engineering, product, operations, legal, procurement and leadership.
  • Builds strong working relationships through regular one-to-one and team-based engagement.
  • Leads and facilitates workshops with teams to establish, develop and maintain governance artefacts, controls and evidence required for certification and audits.
  • Supports teams during audits, assurance activities and incidents through clear guidance and coordination.
  • Adopts a collaborative, practical and solution-focused approach when working with diverse teams.

Communication & Influence

  • Demonstrates strong written communication skills, including the ability to produce clear, structured policies, standards, reports and audit artefacts.
  • Communicates complex governance, risk and compliance requirements in a way that is understandable to technical and non-technical audiences.
  • Provides concise, well-reasoned advice to senior stakeholders to support timely decision-making.
  • Is able to join calls or discussions at short notice when issues require immediate attention or clarification.

Critical Thinking & Problem Solving

  • Applies structured reasoning and evidence-based analysis to assess security and compliance risks.
  • Breaks complex regulatory and certification requirements into clear, actionable steps for teams.
  • Evaluates options and trade-offs based on risk, business impact and feasibility.
  • Continuously refines governance processes based on audit outcomes, incidents and operational feedback.

Governance & Certification Leadership

  • Demonstrates deep, practical understanding of ISO 27001/27701 and how certification frameworks operate in practice.
  • Builds, operates and improves governance and certification frameworks as ongoing programmes of work.
  • Leads evidence development, validation and collation activities in partnership with system and process owners.
  • Ensures certification activities are embedded into everyday business operations rather than treated as isolated exercises.

Risk Management Mindset

  • Proactively identifies emerging risks across systems, services and vendors.
  • Maintains and drives risk registers through consistent engagement with accountable owners.
  • Follows up remediation actions through regular discussion, validation and status review.
  • Communicates risk in business-relevant terms to support prioritisation and informed decision-making.

Learning Agility

  • Demonstrates initiative and ownership in identifying gaps, improvements and emerging requirements.
  • Responds quickly to changing priorities, incidents or assurance requests.
  • Learns from audits, incidents and regulatory change to continuously strengthen governance outcomes.

Core Competencies

  • Strategic thinking
  • Problem-solving
  • Adaptability
  • Governance and technical leadership
  • Stakeholder engagement and communication

Success Factors

  • Maintains audit readiness through year-round governance, evidence and control management.
  • Establishes trusted working relationships with system owners, delivery teams and leadership across NZ and AU.
  • Produces high-quality policies, reports and certification artefacts that meet audit and customer expectations.
  • Leads certification and assurance activities with minimal findings and efficient remediation.
  • Provides timely, authoritative input during audits, incidents and risk discussions.

Experience:

  • 5+ years in cybersecurity governance, compliance, audit or risk roles.
  • Strong practical experience building and operating ISO 27001/27701 governance and certification frameworks.
  • Demonstrated experience leading audits, assessments and certification programmes.
  • Proven ability to run workshops and working sessions focused on evidence development, risk and control maturity.
  • Strong experience managing risk registers and driving remediation with system and service owners.
  • Excellent written communication skills for policies, standards, audit responses and executive reporting.
  • Experience supporting incident response, post-incident reviews and business continuity activities.

Job ID: 143390431