Head of Information Security – Compliance and Governance

Full-Time (no working from home possible)
Proactis
Description
Reporting to the CISO, the Head of Information Security – Compliance and Governance will lead Proactis’ information security governance, compliance and assurance capability. The role will be responsible for maintaining and continuously improving the Information Security Management System (ISMS), driving audit readiness, strengthening control effectiveness and ensuring that Proactis can evidence robust security, privacy and operational assurance to customers, auditors and internal stakeholders.
This is a hands-on leadership role suited to an experienced security governance professional who can operate strategically while also being comfortable owning detail, evidence, documentation and delivery. The successful candidate will work closely with Product, Engineering, Cloud Infrastructure, Operations, Legal, HR, Finance, Sales and Customer Success to embed effective security governance into the way Proactis designs, delivers and supports its SaaS services.

Requirements
  • Lead, maintain and continuously improve Proactis’ ISMS, ensuring it remains effective, auditable and aligned with ISO 27001 requirements and business priorities.
  • Own and coordinate external certification and assurance activities, including ISO 27001 audits and other customer or regulatory assurance requirements relevant to a SaaS provider.
  • Drive audit readiness and evidence management across security, technology and business control areas, including ISAE 3402 Type II / SOC 1, SOC 2, ISO 27001 and related assurance frameworks where applicable.
  • Maintain the security governance framework, including policies, standards, procedures, control documentation, risk registers, exceptions, evidence repositories and reporting packs.
  • Lead internal security control reviews and internal audit activities, ensuring findings are clearly documented, risk-rated, tracked and remediated in a timely manner.
  • Partner with Product, Engineering and Infrastructure teams to ensure security and compliance requirements are embedded into SaaS platform design, software development, change management and operational processes.
  • Support customer assurance activities, including security questionnaires, due diligence requests, contractual security reviews, customer audits and evidence-based responses to enterprise customers.
  • Support privacy and data protection governance, including GDPR-aligned processes, records of processing, DPIAs, supplier assessments and privacy-by-design activities in collaboration with Legal and other stakeholders.
  • Ensure effective governance of third-party and supplier security risk, particularly for cloud, hosting, managed service and technology suppliers supporting Proactis’ SaaS services.
  • Support security incident governance by ensuring escalation, notification, evidence capture, lessons learned and stakeholder communications processes are defined, tested and understood.
  • Define and report meaningful security and compliance metrics, KPIs and KRIs to the CISO and senior stakeholders, using data to drive prioritisation and continuous improvement.
  • Oversee security awareness, policy attestation and compliance training activities, ensuring colleagues understand their responsibilities in protecting customer and company information.
  • Champion continuous improvement of governance, risk and compliance processes, including opportunities to improve automation, documentation quality, knowledge management and audit efficiency.

Contact Details:

Proactis Recruitment Team