Security & Compliance Team Lead
Custodia is a UK based company, founded in 2017, with wider presence in North America, Europe and Asia both directly and through strategic partnerships.
Our current key offering is the CC1 (Compliance Cloud One) service which records, stores and normalizes any type of communications data. This includes many common platforms such as phone email, SMS, phone calls, Microsoft Teams, WhatsApp and WeChat amongst many others. This allows companies to communicate in a compliant manner, whilst driving greater data-driven insights from the data they already have to store.
The Security & Compliance Team Lead is a key role responsible for overseeing the security and compliance functions within an organisation. This role plays a critical part in ensuring the protection of company assets, data, and systems, as well as maintaining compliance with relevant regulations and standards. The Security & Compliance Team Lead collaborates with cross-functional teams to implement and maintain security policies, procedures, and controls, while promoting a culture of security awareness and best practices.
Responsibilities
Security Policies:
Implement and maintain Custodia security strategy aligned with business objectives.
Assess risks, vulnerabilities, and potential threats to information systems and assets.
Collaborate with the security policies, standards, and procedures to ensure the confidentiality, integrity, and availability of data.
Collaborate with stakeholders to establish security requirements and ensure their integration into system designs and processes.
Compliance Reviews:
Monitor, interpret, and ensure compliance with applicable laws, regulations, and industry standards (e.g., GDPR, HIPAA, PCI DSS).
Conduct internal and facilitate external audits for ISO 27001 & SOC 2
Maintain compliance frameworks, controls, and documentation.
Conduct regular audits and assessments to evaluate the effectiveness of security controls.
Coordinate responses to compliance-related incidents, breaches, or inquiries.
Security Operations:
- Oversee the implementation and day-to-day management of security controls, including firewalls, intrusion detection systems, access controls, and encryption mechanisms.
Establish incident response procedures and lead investigations in the event of security incidents or breaches.
Stay up to date with emerging threats and vulnerabilities, and proactively address potential risks.
Conduct security awareness training and education programs for employees.
Risk Management:
Identify and assess risks to the organisation’s information assets and systems.
Mitigate risk working with stakeholders to prioritize and address security risks.
Conduct regular risk assessments and vulnerability scans.
Monitor and report on the status of security risks to management.
Collaboration and Stakeholder Management:
- Collaborate with cross-functional teams, including IT, legal, human resources, and operations, to ensure security and compliance requirements are met.
- Engage with external auditors, regulators, and industry groups to maintain awareness of best practices and emerging trends.
Provide guidance and recommendations to management and employees on security-related matters.
Foster a culture of security awareness and accountability throughout the organisation.
Desired Skills & Experience
A strong understanding of operating system internals and network protocols.
Experience as a team leader and ability to communicate with personnel at all levels of the organization.
Project management skills, including organization, coordination of duties, and/or accomplishment of goals.
Proven experience in implementing and managing security frameworks, including ISO 27001 and SOC 2.
Hold certifications such as CISSP, CISA, or other related qualifications.
Experience with Change and Release Management based on ITIL best practices.
Familiarity with Azure and hands-on experience.
Experience with vulnerability scanner Nessus.
Incident investigation experience to effectively respond to and mitigate security incidents.
Familiarity with firewall configuration and management.
Expertise in identity and access management (IAM) solutions.
Hands-on experience with intrusion detection and prevention systems (IDPS).
Understanding of secure coding practices and vulnerability management.
Experience conducting security code reviews and application assessments.
Experience in secure architecture design and implementation of systems including Threat modelling.
Experience in managing and configuring security information and event management (SIEM) systems.
Technical curiosity and an aptitude for swiftly learning and adapting to new technologies.
Qualifications
- ISO 27001, SOC 2, CISSP, CISA, or other related qualifications
Benefits
Competitive salary
Employee Assistance Programme
Free parking
Free parking
This role is on-site, based at our office in Knutsford.
To apply for this role, please send a covering letter and CV to careers@custodiatechnology.com