Security & Compliance Manager

Department: Business Operations

Employment Type: Full Time

Location: Glasgow

Description

Encompass enables fast, accurate identity validation and verification of corporate customers, and a gold standard approach to KYC. Our award-winning corporate digital identity (CDI) platform incorporates real-time data and documents from authoritative global public data sources and private customer information, to create and maintain digital risk profiles.

Utilizing the expertise of a global transformation team of KYC and banking industry experts, as well as strategic data, technology and consulting partnerships, enables seamless integration of Encompass into existing workflows and systems. With Encompass the world's leading banks improve customer experience and increase business opportunities through consistent regulatory compliance and risk mitigation.

With offices in Amsterdam, Glasgow, London, New York, and Sydney, we are a rapidly growing international company offering a chance to be part of our success - read on if you think you're up for the challenge.

With security and compliance guiding every decision we make, our Information Security team is growing with the addition of a Security & Compliance Manager. Reporting directly to the CISO, this role will be responsible for tracking obligations, ensuring ongoing compliance, managing and conducting scheduled audits, maintaining compliance documentation, and responding to security and compliance-related information requests.

1. Manage, monitor and report on compliance with security standards, such as SOC 2 & ISO 27001, ensuring N/C's and OFI's are identified and addressed according to SLO's.
2. Drive staff awareness initiatives, ensuring completion of compliance training, policy reviews, and acknowledgments.
3. Conduct and manage risk reviews to proactively identify and mitigate security and compliance risks.
4. Plan, schedule, and execute audit activities, ensuring timely completion and adherence to regulatory requirements.
5. Actively track and manage Tier 1 customer obligations to ensure compliance and accountability.
6. Enhance the efficiency of due diligence questionnaires (DDQs) and Request for Information (RFI) responses by improving response times and increasing the percentage of questions answerable by non-specialists using an internal knowledge database.

Compliance Expertise: Strong background in highly regulated industries (banking/financial services), navigating complex compliance landscapes.

Project Management & Organization: Track multiple requirements and ensure nothing is overlooked. Prioritize actions effectively to meet deadlines and objectives. Escalate issues when necessary to avoid roadblocks.

Security Frameworks: In-depth knowledge of ISO 27001, SOC 2, and CIS for security and compliance.

Cloud & Software Development: Experience in security/compliance for cloud environments (AWS, Azure, GCP) and software development.

SDLC Knowledge: Understanding of secure coding, threat modelling, and vulnerability management within CI/CD pipelines.

Communication: Convey information clearly and effectively to stakeholders. Ensure alignment across teams through regular updates and discussions.

Audit Experience: Conducting audits, preparing documentation; certifications like CISA, CISM, or ISO 27001 Lead Auditor preferred.

Regulatory Compliance: Familiarity with GDPR, NIS, and EU DORA for cybersecurity and data protection.

Learning & Security Awareness: Stay informed on best security practices and industry developments. Share knowledge and promote good security habits within the team.

We are committed to fostering a diverse and inclusive workplace where everyone feels valued and empowered to thrive. We welcome applications from individuals of all backgrounds, regardless of race, ethnicity, gender, sexual orientation, age, disability, religion, or any other protected characteristic. If you require any adjustments during the recruitment process to ensure an equitable experience, please let us know. Join us in creating an environment where everyone can contribute their best work.

We offer a rewarding and challenging place to work, a transparent and collaborative culture, and a well-rounded benefits package. Below are some of what we currently offer:

• Participation in our industry leading share options scheme
• Private Medical Plan
• 20 days a year Work From Anywhere policy for all staff
• Flexible-first working policy
• L&D budget for all members of staff
• Udemy license access for all members of staff to support learning and career development.
• Enhanced annual, personal and parental leave schemes.
• Paid volunteering leave programme
• Employer recognition and employee assistance programmes