IT Compliance and Security Manager at PlotBox

IT Compliance and Security Manager

Location: UK - please note if based in Northern Ireland there will be a requirement to work in the office 2 days per week.

We are excited to share this newly created role of  IT Compliance and Security Manager. 

In this role you will play a pivotal role in ensuring our organisation's adherence to regulatory requirements, industry standards, and internal policies, with a specific focus on ISO 27001, SOC 1, and SOC 2. 

Your responsibilities will encompass the development, implementation, and management of a comprehensive IT compliance and security program to safeguard the confidentiality, integrity, and availability of our information assets. Additionally, you will collaborate with customers during annual and financial audits, ensuring the seamless integration of our security practices with their auditing processes. 

This role requires a deep understanding of IT security principles, regulatory frameworks, risk management, and effective communication with both internal and external stakeholders.

Responsibilities:

Compliance Management:

• Stay abreast of relevant laws, regulations, and industry standards, with a particular emphasis on ISO 27001, SOC 1, and SOC 2.
• Develop, implement, and manage a comprehensive IT compliance program that aligns with ISO 27001, SOC 1, and SOC 2 requirements.
• Conduct regular compliance assessments and audits, ensuring alignment with established policies and procedures.
• Collaborate with legal and regulatory affairs teams to address compliance requirements specific to ISO 27001, SOC 1, and SOC 2
• Develop and update IT security policies, standards, and procedures, ensuring alignment with ISO 27001, SOC 1, and SOC 2 frameworks.
• Ensure effective communication and understanding of security policies throughout the organization.

Risk Management:

• Conduct risk assessments, focusing on ISO 27001, SOC 1, and SOC 2 criteria, to identify and prioritize potential threats and vulnerabilities.
• Develop and implement risk mitigation strategies and action plans.
• Collaborate with other departments to integrate security measures into business processes, specifically addressing ISO 27001, SOC 1, and SOC 2 requirements.

Incident Response and Investigation:

• Develop and maintain an incident response plan tailored to ISO 27001, SOC 1, and SOC 2 standards.
• Lead investigations into security incidents, ensuring timely resolution and documentation in line with ISO 27001, SOC 1, and SOC 2 frameworks.
• Create and implement data testing strategies to ensure a high quality data migration"

Security Awareness and Training:

• Develop and deliver IT security awareness and training programs, incorporating ISO 27001, SOC 1, and SOC 2 principles.
• Foster a culture of security consciousness throughout the organization.

Vendor Management:

• Evaluate and monitor the security practices of third-party vendors, emphasizing ISO 27001, SOC 1, and SOC 2 compliance.
• Ensure vendors comply with established security standards and contractual obligations.

Collaboration with Customer Audits:

• Work closely with customers during annual and financial audits, providing necessary documentation and ensuring alignment with audit requirements.
• Serve as a liaison between internal teams and external auditors to facilitate a smooth audit process.
• Address customer inquiries regarding our IT compliance and security practices.

Security Monitoring and Reporting:

• Implement and manage security monitoring tools and processes in line with ISO 27001, SOC 1, and SOC 2 requirements.
• Generate regular reports on the status of IT security, compliance, and incidents for management review. 

Disaster Recovery

• As the owner of the Disaster Recovery process, you'll take charge of developing and implementing recovery plans, ensuring accountability throughout the process. 
• Your role involves assessing risks, crafting mitigation strategies, and collaborating with cross-functional teams. 
• You will design and maintain effective recovery procedures, owning the swift restoration of critical systems post-disaster. 
• Oversee regular drills to enhance recovery plan effectiveness. Your focus is on ensuring organisational resilience with efficiency and responsibility.

Internal IT Support

• Manage the Internal IT Function in the Business
• Maintain asset register for internal devices
• Implement standard process principles or IT hardware and asset management 
• Implement and manage the correct internal security protocols for User profiles, domains and data  

What we are looking for : 

• Bachelor’s degree in Information Technology, Computer Science or a related field.
• Professional certifications such as CISSP, CISM, CISA, 
• Proven experience in IT compliance, Internal IT Support, information security, or a related field.
• Strong understanding of regulatory requirements, standards, and frameworks, especially ISO 27001, SOC 1, and SOC 2.

Desirable Experience -Its not a deal breaker, but ideally you will have: 

• Specific certifications related to ISO 27001, SOC 1, and SOC 2.

Company Summary 

PlotBox is the innovative cloud-based deathcare management solution that enables cemeteries, crematories and funeral homes to serve their families in the best way possible. We are very clear on our mission; to take away some of the pain for families dealing with death and those who serve them, and provide our customers with more time for what matters. 
 

Headquartered in Northern Ireland, with offices in the United States and Australia, our growing, 100-strong multidisciplinary team of experts provides our partners with the same professional levels of service, support and satisfaction across the globe. We live and breathe our core values – Tenacity, Teamwork and Trust.
 

We have a passion for tech and innovation, actively exploiting new and cutting-edge tools and technologies to enhance our product and skillset. We actively promote from within and our dynamic scale up culture ensures that proactivity and initiative are rewarded with excellent career opportunities, progression and mobility.
 

How would our team describe life at PlotBox? When asked to describe our company, they use words such as: ‘fun, respect, care, team spirit, family feel, trust, happy, listen, sense of accomplishment, flexibility, development’.

We are proud that, for the third year running, we have received our Great Place to Work® Certification and have placed in the Top Ten UK’s Best Workplaces™ 2023 Medium Organisations. This follows our top ten ranking on the 2022 UK’s Best Workplaces™ in Tech list, as well as being named one of the 2022 UK’s Best Workplaces™ For Women, and one of the 2022 UK's Best Workplaces™ for Wellbeing.  

Our staff have told us loud and clear that they love working for PlotBox; from the relaxed working environment to feeling truly valued in their roles. In addition, our purpose-driven mission and the sense of pride in doing what we do - to ultimately lessen people’s pain at the most difficult time of their lives - means a lot to our team.

Benefits Offered by PlotBox

Our headquarters are ideally placed in the beautiful and scenic countryside location around Ballymena, along with other office locations in the USA and Australia.  We are constantly increasing our list of benefits which currently include:

• Investment in employee growth, and opportunity for development
• Regular wellbeing initiatives and health cash plans
• Safe and supportive culture; we foster continuous improvement in all aspects of work
• Career mobility and progression
• Regular travel opportunities
• Flexible working hours
• Hybrid Working - between office and home locations
• Pension
• Life Insurance
• Active social and charity committee - lots of social events throughout the year
• Office perks: fridge and larder fully stocked with unlimited drinks and snacks
• Free Parking