Security & Compliance Officer

Hexegic are looking for a Security & Compliance Officer to be responsible for our growing regulatory environment. We have held ISO27001, ISO9001, Cyber Essentials+ and various other UK Government compliance standards for several years and we are looking to further these with the likes of the Industry Personnel Security Accreditation (IPSA).

We have established policy and process which is agile and harmonised. As the company expands, we are looking to step change our approach with a full-time resource to manage this critical part of our business.

We are looking for an ISO27001 Lead Auditor level skillset who has worked with in both existing compliance environments but crucially has setup or developed systems against new frameworks without overburdening the organisation. The candidate should have strong analytical and problem-solving skills, excellent communication and interpersonal skills, be highly organised and able to review and write documents to a high standard. Previous experience of the UK Government security regime would be welcome.

• Monitoring and Risk Assessment: Conduct regular risk reviews with the leadership team
• Identifying, analysing and mitigating risks to ensure compliance
• Conducting regular compliance audits and assessments to identify potential issues
• Monitoring regulatory developments and ensuring updates to the compliance policies and procedures
• Policy and Procedure Development: Own the management system, compliance policy and procedure documentation
• Conduct regular review with stakeholders
• Develop and implement new compliance programs as necessary
• Reporting and Documentation: Prepare and present reports on compliance findings to leadership
• Conduct regular management reviews and audits with leadership
• Lead regular internal audits ready for external assessments
• Gather evidence of controls, policy and procedures for external audits
• Security Assurance: Undertake duties in support of the Security Controller
• Conduct personnel security risk assessment in line with IPSA requirements
• Complete regular supply chain and third-party security assurance
• Investigation and Remediation: Lead investigations into potential compliance breaches and recommend corrective actions
• Supporting regulatory correspondence and information requests

• ISO27001 Lead Auditor level skillset
• Experience with existing compliance environments and developing systems against new frameworks
• Strong analytical and problem-solving skills
• Excellent communication and interpersonal skills
• Highly organised with ability to review and write documents to a high standard
• Previous experience of the UK Government security regime would be welcome