Portfolio Security and Compliance Manager (Part-Time)

Valsoft Corporation is looking to hire a Portfolio Security and Compliance Manager to support across a growing portfolio in Europe!

We are seeking a proactive and experienced Compliance and Security Manager to join our Portfolio team at Valsoft Corporation, a leading investor in Vertical Market Software companies. The successful candidate will be responsible for ensuring that the portfolio companies are protected against cybersecurity risks and remains compliant with key standards and regulations such as ISO 27001, ISO 9001, GDPR, and other local regulations. This position is critical in safeguarding our infrastructure, services, and customer data.

This role is offered on a part time basis at 2-2.5 days per week (or similar).

Requirements

Key Responsibilities:

Cybersecurity Management:

• Implement, and monitor comprehensive cybersecurity strategies in collaboration with the Valsoft Security team to protect against emerging threats.
• Conduct regular risk assessments, vulnerability assessments, and penetration tests.
• Work closely with the portfolio companies IT and development teams to ensure secure coding practices, system configurations, and continuous monitoring.
• Respond to cybersecurity incidents, coordinate investigations, and coordinate incident response activities.
• Maintain and update cybersecurity policies and procedures for our portfolio companies, ensuring compliance with industry best practices.

Compliance Oversight:

• Ensure the portfolio companies’ full compliance with ISO 27001 (Information Security), ISO 9001 (Quality Management), and GDPR.
• Lead the preparation, documentation, and implementation of audits and certifications.
• Coordinate with external auditors to maintain certifications and manage audit processes.
• Develop, implement, and manage data protection programs, ensuring all data privacy practices comply with GDPR and other applicable laws.
• Advise leadership and staff on any relevant changes in legislation, standards, and compliance requirements.
• Monitor local regulations and other industry-specific compliance obligations and update policies as needed.
• Act as Data Protection Officer for the Portfolio companies when one is not present.
• Act as main point of contact with the ICO.
• Liaise with customers regarding their data protection needs.
• Promote data protection awareness and understanding across the Portfolio.
• Escalate and report any areas of concern identified to the Portfolio Management Team with a plan of action.
• Work with the Valsoft Security team and the Portfolio companies IT teams to update policies on data security and breech management.
• Lead employee training on compliance related topics, policies or procedures - including induction days.
• Provide advice and direction across the organisation in understanding the risks relating non-conformance to regulations. Promote a culture of robust regulatory compliance and continuous improvement.
• Document management; including ensuring all documents, policies, procedures, guidance, check lists are tracked, reviewed, up to date and stored correctly.

Training and Awareness:

• Ensure compliance with Valsoft training and awareness programs for employees on security and compliance policies.
• Foster a culture of cybersecurity awareness and data protection within the organization.
• Communicate compliance requirements and risk management strategies to all levels of the organization.

Risk Management:

• Identify, evaluate, and mitigate risks related to information security and regulatory compliance.
• Maintain a risk register and regularly report to senior leadership on the company’s risk posture.
• Collaborate with relevant teams to mitigate risks and ensure the continuity of business operations.

Documentation and Reporting:

• Develop and maintain comprehensive documentation, including security policies, compliance manuals, audit reports, and incident reports.
• Prepare and present regular reports to executive leadership on cybersecurity and compliance matters.

About you:

You will have worked in a similar role, be that Cybersecurity or ISO compliance, with a record of driving compliance for the business, ideally leading the function or department or working closely with senior management team. You will need to have strong communication and documentation skills and be able to pro-actively get things done whilst contributing to organisational and cultural awareness and change. Being a self-starter and leading all things compliance and is key, and so is awareness of commercial implications of regulatory changes for us and our clients.

Qualifications:

• Bachelor’s degree in Information Security, Compliance, Computer Science, or a related field.
• At least 5 years’ experience of working with Senior Leaders to deliver change or results.
• Professional certifications such as ISO 27001 Lead Auditor, CISM, CISSP, or equivalent are highly desirable.
• Proven experience in compliance, cybersecurity, and risk management, preferably in the software and services sector.

Key Skills:

• Cybersecurity strategy and implementation
• ISO 27001, ISO 9001, and GDPR compliance management
• Incident response and crisis management
• Risk assessment and mitigation
• Auditing and documentation
• Employee training and awareness programs
• Strong analytical and problem-solving skills.
• Thorough and accurate auditing & documenting experience
• Strong communication skills to inspire and educate others

Benefits

Private Medical Cover: The Company offers a private medical cover through Aviva of which you will be eligible for enrollment upon successful completion of your probationary period. The private medical cover is reviewed annually, and the Company reserves the right to change coverage with written notice. All benefits will be outlined to you at the time of enrollment. 

Life Assurance: The Company offers a life assurance cover to the amount of x4 base salary of which you will be eligible for enrollment upon successful completion of your probationary period. The life assurance cover is reviewed annually, and the Company reserves the right to change coverage with written notice. All benefits will be outlined to you at the time of enrollment.