We are working with a utility company in the search for a Compliance Manager to play a critical role in safeguarding the organization’s cybersecurity posture.
This is a GRC (Governance, Risk, and Compliance) role in which the compliance manager will play a crucial role in ensuring that an organization adheres to all applicable Critical National and Infrastructure laws, regulations, and internal policies. You will be responsible for developing, implementing, and monitoring compliance programs across various departments and business units.
- Collaborate in developing and maintaining comprehensive cybersecurity policies, standards, and procedures aligned with industry frameworks like ISO 27001, NIST, CIS, and the Cyber Assessment Framework (CAF).
- Design, implement, and manage a robust compliance process to track and address any non-compliance with regulations, security policies, and standards.
- Partner with business units to identify the root causes of non-compliance and provide actionable recommendations for improvement.
- Conduct ongoing oversight of compliance activities, identify recurring themes, and propose effective solutions.
- Generate insightful management reports using tools like Microsoft Power BI and PowerPoint, providing clear visibility into risk trends.
- Proven experience in a Security Governance, Risk, and Compliance (GRC) role.
- Solid understanding of cybersecurity risks and controls.
- Working familiarity with industry security standards and frameworks, including the Cyber Assessment Framework (CAF).
- Deep comprehension of core information security principles.
- Exceptional written and verbal communication skills in English, including strong influencing abilities.
- Proficiency in creating professional management reports using tools like Microsoft Power BI and PowerPoint.
- Prior experience in drafting security policies and standards.
- Demonstrated ability to work independently and take initiative.
- Familiarity with root cause analysis controls testing, and GRC tooling is a plus.
- While this role is not primarily technical, the ability to collaborate closely with technical colleagues and grasp technical security concepts is highly desirable.
- Experience in utilities or other industrial CNI environments is a valuable asset but not strictly mandatory.