Role Overview
The Compliance Manager will be responsible for overseeing the firm’s ISO 27001, SS714:2025 (DPTM), and Cyber Trustmark (CTM) certification processes. This role ensures compliance with industry information security, data privacy, and risk management standards. The individual will work closely with internal teams, internal and external auditors, and regulatory bodies to develop and maintain compliance frameworks, policies, and audit readiness.
Key Responsibilities
ISO 27001, SS714:2025 (DPTM) & Cyber Trustmark Compliance
- Lead the firm’s ISO 27001 certification process, including gap assessments, risk analysis, and internal audits.
- Oversee compliance efforts for ISO 27001, SS714:2025 (DPTM) & Cyber Trustmark (cybersecurity best practices).
- Implement information security policies, standard operating procedures, and controls aligned with regulatory frameworks.
- Coordinate external audits and assessments for certification bodies and regulators.
Governance, Risk & Compliance
- Support leadership with the implementation and oversight of necessary Governance, Risk & Compliance for areas such as information security, data privacy, and cyber resilience.
- Support leadership and the IT/Digital department with management of data classification, retention, and security protocols, ensuring adherence to PDPA and ISO 27001 requirements.
- Conduct internal risk assessments, vendor risk evaluations, and third-party due diligence.
- Establish a compliance monitoring and reporting mechanism for key stakeholders and leadership.
- Maintain and update the Risk Register, identifying potential risks and implementing mitigation strategies.
Policy Development & Awareness
- Maintain IT security, data protection, and cybersecurity policies.
- Work with IT and Cyber teams for regular training and awareness programs for employees on ISO 27001, PDPA, cybersecurity best practices, and regulatory requirements.
- Drive a compliance-first culture across the organization.
Incident & Audit Management
- Oversee the firm’s incident response plan, ensuring compliance with ISO 27001’s ISMS requirements and PDPA’s data breach notification guidelines.
- Work with Legal, IT, and Risk teams to ensure data privacy and cybersecurity policies are enforced.
- Lead pre-certification audits, internal compliance assessments, and security gap analysis.
Stakeholder & Regulatory Engagement
- Act as the key liaison between the firm, auditors, certification bodies, and regulators.
- Provide regular reports and updates to senior management on compliance progress and risk exposure.
- Stay updated on evolving cybersecurity threats, regulatory changes, and industry best practices.
Key Requirements
Qualifications & Experience
- Bachelor’s degree in Information Security, Cybersecurity, Risk Management, Law, or Business Administration.
- 5+ years of experience in compliance, information security, IT governance, or risk management.
- Experience with ISO 27001, SS714:2025 (DPTM), Cyber Trustmark, NIST, or MAS TRM frameworks is a plus.
- Experience working in Professional Services, Consulting, or Big 4 environments is a plus.
Technical & Soft Skills
- Experience conducting internal security audits and compliance assessments.
- Excellent stakeholder management, communication, and project leadership skills.
- Ability to work cross-functionally with Legal, IT, Risk, and Business teams.