IT Compliance, Audit and Risk Manager - ISO27001, GDPR, PCI-DSS
You will lead the company's quality and compliance activities for the IT Managed Services Software Platforms to achieve quality and compliance best practice. You will also represent the company in IT quality and compliance activities and audits with customers and vendors.

Client Details
Business based in East Yorkshire in an exciting period of growth.

Description
Key responsibilities:
Plan and conduct internal audits for all schemas for which the company holds certifications, particularly ISO 20000/27001, including audits of 3rd parties, ensuring audit results are captured and communicated to stakeholders
Brief teams on the requirements of external audit and the evidence that needs to be retained and presented to show compliance
Manage external audit activities, directing activity during the audit, supporting colleagues in evidencing processes, and communicating results and action plans to relevant stakeholders
Track and manage to resolution non-conformances from internal and external audit
Plan, lead and document risk analyses to company standards and processes
Propose and develop appropriate quality and compliance policies and procedures
Lead on activities required to update current certifications as schemas change
Review Group standards proposals and produce gap analyses identifying areas of difference and the activities required to bridge the gap, along with recommendations for action
Support prioritisation of improvement activities by quantifying improvements according to recognised continuous improvement measures
Act as a focal point for compliance and information security related queries from colleagues, customers and vendors, including during tender processes
Conduct Data Protection Impact Assessments
Review and align IT policies and processes to current and emerging legislation and industry best practice

Profile
Knowledge, Skills and Experience:
Strong working knowledge of the following:
ISO/IEC 20000 schema, controls and internal audit
ISO/IEC 27001 schema, controls and internal audit
GDPR
Relevant Legislation
Root Cause Analysis Techniques
Experience of planning and conducting audits for ISO/IEC 20000/27001
Experience training how to conduct audits
Experience presenting to senior IT leadership teams
Knowledge of compliance requirements and audit experience for Cyber Essentials/Plus
Experience creating and monitoring compliance dashboards
Experience working with certifying auditors
Knowledge of Health Information Governance Toolkit/DSPT

Job Offer
Competitive salary and benefits on offer with the role.