Risk & Compliance Analyst
Dublin, County Dublin, Ireland
Cubic Telecom
Cubic Telecom delivers advanced software-defined connected vehicle solutions all over the world, working with the world’s leading automotive, transportation, and agriculture OEMs.
The Company
Founded in 2009, Cubic Telecom has grown to become one of the leading providers of connectivity solutions and analytics services that help vehicle and IoT device manufacturers manage and grow revenue streams. Fast paced, smart, ambitious, and continually seeking new ideas. That’s us; is it you? At Cubic you will find an environment filled with energy and collaboration, where we set out every day to improve not just the world, but ourselves and each other.
We believe in leadership that supports empowerment and responsibility, while recognising and developing leadership qualities across Our Team. Together we bring out the best in each other. So, whether you’re interested in joining us as an individual contributor, manager, senior leader – or someone who aspires to grow into a leadership role – we look for people who are results focused, empathetic, visionary, empowering, and who ‘champion’ our cultures and values.
The Role
We are seeking a Risk and Compliance Analyst who thrives on working in a fast-paced, highly flexible environment. This role will report directly to the Head of IT & Security and will play a key role in supporting the development and implementation of risk management and compliance strategies. The successful candidate will help ensure the security, integrity, and compliance of our company's data, core network, and platform while contributing to the overall IT and security objectives.
Key Responsibilities:
- Lead efforts to achieve regulatory and contractual industry certifications (e.g., ISO 27001, NIS2, SOC 2, TISAX, GDPR, etc.) by coordinating cross-functional teams and ensuring compliance with required standards.
- Maintain existing certifications by conducting regular reviews, updates, and audits to ensure ongoing compliance with certification requirements.
- Act as the primary point of contact for third-party auditors, ensuring all required documentation, evidence, and processes are prepared and available.
- Coordinate and manage the end-to-end audit process, including scheduling, facilitating meetings, and addressing auditor queries.
- Develop, review, and update internal policies, procedures, and controls to align with certification requirements and industry best practices.
- Ensure that all employees are aware of and adhere to compliance policies through training and communication initiatives.
- Conduct regular risk assessments to identify potential compliance gaps or vulnerabilities in systems, processes, or controls.
- Work closely with IT, Security, Legal, and other departments to ensure alignment on compliance objectives and initiatives.
- Assess and monitor third-party vendors for compliance with security and regulatory requirements.
Requirements
Essential:
- Bachelor's or Master’s degree in Computer Science, Information Systems, Cybersecurity, Business Analysis, Risk Management or a related field.
- Hands-on experience with achieving and maintaining compliance for certifications such as:
  - ISO 27001 (Information Security Management)
  - ISO 27017 (Cloud Security)
  - ISO 9001 (Quality Management)
  - NIS2 (Directive (EU) 2022/2555)
  - TISAX (Trusted Information Security Assessment Exchange)
  - GSMA (Global System for Mobile Communications standards)
  - PCI DSS (Payment Card Industry Data Security Standard)
  - HIPAA (Health Insurance Portability and Accountability Act)
  - GDPR (General Data Protection Regulation)
  - SOC 2 (Service Organization Control 2)
- In-depth knowledge of risk management frameworks, compliance standards, and regulatory requirements.
- Strong understanding of IT and security controls, including access management, incident response, data protection, and vulnerability management.
- Familiarity with governance frameworks such as NIST, COBIT, or ISO standards.
- Excellent written and verbal communication skills, with the ability to create clear and concise documentation for policies, procedures, and audit evidence.
- Strong interpersonal skills to collaborate effectively with cross-functional teams, external auditors, and stakeholders at all levels.
- Ability to assess complex systems and processes to identify compliance gaps and recommend practical solutions.
- Strong attention to detail and organizational skills to manage multiple certifications and audits simultaneously.
- Familiarity with compliance and risk management tools, such as GRC (Governance, Risk, and Compliance) platforms.
- Basic understanding of cloud environments (e.g., AWS, Azure, GCP) and their associated security and compliance requirements.
- A proactive approach to staying up-to-date with changes in compliance standards, regulations, and industry best practices.
Preferred:
- Prior experience working in the telecommunications industry or with GSMA standards and frameworks.
- Relevant certifications such as CISA, CISM, CISSP, CRISC, PCI DSS QSA (Qualified Security Assessor), GDPR Practitioner, or ISO Lead Auditor/Implementer
- Hands-on experience using compliance automation platforms such as Vanta, Drata, or similar tools to streamline certification processes, monitor controls, and maintain audit readiness.
- Experience implementing and maintaining compliance for cloud-specific certifications such as ISO 27017 or SOC 2
- Past project management experience, Project Management Professional (PMP) Certification
- Technical Writing Skills: Experience creating and maintaining detailed documentation, including policies, procedures, and audit evidence, with the ability to adapt strategies to meet evolving requirements.
Benefits
- 25 days annual leave + 2 company days
- Health Insurance
- Pension Contribution
- ESOP
- Tax saver scheme
- Bike to work scheme
- Sports and social activities
- Great annual office outings (Summer BBQ, Christmas party, charity runs)
- Bits & Bobs days (Half day every quarter to get your Bits & Bobs done)
- Learning and Development Opportunities
Cubic Telecom is an equal opportunities employer and committed to fostering a diverse and inclusive workplace.
Tags: Analytics Audits Automation AWS Azure CISA CISM CISSP Cloud COBIT Compliance Computer Science CRISC GCP GDPR Governance GSM HIPAA Incident response IoT ISO 27001 NIS2 NIST PCI DSS Risk assessment Risk management Security assessment SOC SOC 2 TISAX Vulnerabilities Vulnerability management
Perks/benefits: Career development Flex hours Health care Team events