Job Title: Compliance Manager
Location: Pune, India
Reports To: Chief Financial Officer
Date: March 2018
Sigma Systems Canada LP has achieved accredited certification to ISO/IEC 27001:2013, the international Information Security standard. This standard requires the whole company to act responsibly towards information security events and to demonstrate, at all times, that its policies and processes meet the standard's requirements. To this end, a COMPLIANCE MANAGER role is seen as key to the effective management of the company's Information Security Management System (ISMS). This role will be the prime contact for all aspects of the ISO27001 standard and of other related regulations adopted by the company over time.
Reports to: Chief Financial Officer and is a member of the Compliance and Security Governance Committee
General description of the role: the Compliance Manager is in charge of the company-wide Information Security Management function, providing line management, leadership and strategic direction for the function and liaising closely with other managers. The purpose of the Information Security Management function, in turn, is to bring the organization’s information security risks under explicit management control through its ISMS.
Key responsibilities:
- Routine matrix management and leadership of staff associated with the Information Security Management function
- Provides leadership and strategic direction for the ISMS Compliance function, ranging from planning and assistance with budgeting, through to motivational and promotional activities expounding the value of information security
- Liaises with and offers strategic direction to related governance functions (such as Physical Security/Facilities, Risk Management, IT, HR, Legal and Finance), plus senior and middle managers throughout the organization as necessary, on information security matters such as routine security activities plus emerging security risks and control technologies
- Recruitment, leadership and direction for a loose network of information security ambassadors distributed throughout the company and strategic locations
- Leads the design, implementation, operation and maintenance of the Information Security Management System based on the ISO27000 series standards, including its ongoing certification, plus incorporation of other related regulatory standards that the company is obliged or wishes to adopt.
- Establishes and maintains a “Centre of excellence” for information security management, for example offering internal management consultancy advice and practical assistance on information security risk and control matters throughout the organization and promoting the commercial advantages of managing information security risks more efficiently and effectively
- Establishes and maintains a “Centre of excellence” on the Data Privacy regulatory needs, offering internal management consultancy advice and practical assistance on Data Privacy matters throughout the organization and promoting the commercial advantages of managing Data Privacy risks more efficiently and effectively
- Interfaces with Sigma customers from time to time regarding potential compliance and security areas, which may include vetting customer requests for new certification requirements and reviewing and commenting on customer and vendor contract language relating to compliance/audit requirements.
- Leads or commissions the preparation and authorizes the implementation of necessary information security policies, standards, procedures and guidelines, in conjunction with the Compliance and Security Governance Committee.
- Leads the design and operation of related compliance monitoring and improvement activities to ensure compliance both with internal security policies etc. and applicable laws and regulations.
- Leads the internal and external ISMS audit processes, establishing the audit plan to ensure the ongoing certification against the ISO27001 standard, monitoring effectiveness of controls and agreeing corrective actions with the control owners and stakeholders.
- Reports on the overall effectiveness of the ISMS to the Compliance and Security Governance Committee on a regular basis, takes instruction from the Committee and creates and communicates the resulting action plans, and liaises with the certification bodies regarding the timing and scope of the required external audits.
- Leads or commissions suitable information security awareness, training and educational activities, with relevant functions within the company.
- Agrees and commissions information security risk assessments and controls selection activities.
- Liaises with relevant parties to commission activities relating to contingency planning, business continuity management and IT disaster recovery.
Qualifications and experience:
- At least 10 years of full-time work experience in information security management and/or related functions.
- At least 5 years of demonstrable experience working with the ISO27001 Information Security Management standard, holding relevant qualifications such as ISO27001 Certified ISMS Lead Auditor or ISO27001 Certified ISMS Lead Implementer.
- Absolutely trustworthy with high standards of personal integrity (demonstrated by an unblemished career history, complete lack of criminal convictions etc.), and willing to submit to a Sigma background check.
- Hands-on team leadership and management experience, ideally coupled with suitable management qualifications, such as an MBA.
- An understanding of or background in technical IT roles, such as IT architecture, development or operations, with a clear and abiding interest in information security.