
Role Purpose
The Compliance Manager is responsible for owning and continuously improving the client's compliance, audit, and governance framework. This role ensures sustained readiness for ISO 27001 certification and surveillance audits, as well as SOC 2 (Type 1 and Type 2) audit execution and reporting.
The role provides clear assurance to leadership, customers, and external auditors by maintaining a robust Information Security Management System (ISMS), strong policy governance, disciplined audit execution, and measurable risk management across the client's regional operations.
Key Responsibilities
1. ISMS & ISO 27001 Management
· Own and maintain the client's ISMS.
· Ensure ongoing alignment with ISO 27001 control requirements.
· Plan, coordinate, and drive ISO 27001 certification and surveillance audits.
· Track control effectiveness and remediation actions to closure.
2. SOC 2 Compliance & Audit Delivery
· Own the SOC 2 compliance programme, including scope definition against the Trust Services Criteria.
· Coordinate SOC 2 Type 1 and Type 2 audits with external auditors and internal stakeholders.
· Maintain audit evidence repositories and ensure traceability of controls to evidence.
· Prepare management reports and customer-facing assurance materials as required.
3. Audit & Assurance Management
· Plan and coordinate internal and external audits across IT and security domains.
· Track audit findings, corrective actions, and remediation timelines.
· Ensure timely closure of audit issues and accurate status reporting to leadership.
4. Policy, Standards & Governance
· Develop, maintain, and periodically review IT, security, and compliance policies.
· Ensure policies are approved, communicated, and adopted across regions and teams.
· Maintain alignment between policies, standards, and operational practices.
5. Regulatory & Data Protection Compliance
· Ensure compliance with applicable regulatory requirements, including PDPA and relevant regional regulations.
· Monitor regulatory changes and assess their impact on the client's controls and processes.
· Partner with Legal, HR, and IT teams on data protection and privacy matters.
6. Risk Management & Reporting
· Maintain and govern the IT and security risk register.
· Facilitate periodic risk assessments and control self-assessments.
· Provide clear, concise risk and compliance reporting to IT leadership and stakeholders.
7. Third-Party Compliance Governance
· Define and manage the vendor compliance and assurance framework.
· Track vendor compliance obligations and supporting evidence.
· Coordinate remediation actions with vendors where gaps are identified.
KPIs / Success Measures
Audit & Certification Outcomes
· Successful ISO 27001 certification and surveillance audits with zero critical findings.
· SOC 2 audits completed on schedule with no major exceptions.
Governance & Control Effectiveness
· Timely closure of audit findings and corrective actions.
· Up-to-date policies with 100% on-time review compliance.
Risk & Assurance
· Accurate, current risk register with measurable risk reduction over time.
· Positive internal and external audit feedback on governance maturity.
Qualifications & Experience
Required
· Bachelor's degree in Information Security, Risk Management, Audit, or a related field.
· 7–10 years of experience in compliance, audit, or governance roles.
· Strong hands‑on experience with ISO 27001 and SOC 2 frameworks.
· Proven experience managing audits, evidence repositories, and remediation tracking.
· Strong stakeholder management and documentation skills.
Preferred
· ISO 27001 Lead Implementer or Lead Auditor certification.
· CISM, CRISC, or similar risk and compliance certifications.
· Experience operating in multi‑country or rapidly scaling organisations.
· Exposure to cloud and SaaS‑centric environments.
Competencies
· Strong attention to detail and documentation discipline.
· Ability to translate control requirements into practical operational guidance.
· Structured, methodical, and outcome‑driven.
· Confident engaging auditors, regulators, and senior stakeholders.
· High integrity, confidentiality, and professional judgement.
Job ID: 149412607