Principal Security Assurance & Compliance Manager in Newbury

About the Company

VOIS (Vodafone Intelligent Solutions) is the strategic arm of Vodafone Group Plc that supports the global telco industry with next‑generation solutions and services.

About the Role

We are seeking an experienced security assurance and compliance professional to ensure the Vodafone Cloud & Infrastructure (VCI) adheres to all relevant cyber security regulations, statutory obligations, frameworks and internal standards. This role protects Vodafone’s infrastructure, services, data and brand by identifying compliance gaps, driving remediation, and embedding a risk‑based Governance, Risk and Control (GR&C) approach across VCI. The individual will operate at senior stakeholder level, managing complex audits, regulatory expectations and cross‑functional dependencies in a highly regulated, international environment.

What You’ll Do

• Identify, interpret and map applicable regulatory, statutory and security requirements (including GDPR, NIS2, AI Act and country‑specific regulations) relevant to VCI.
• Govern and conduct enterprise‑wide risk assessments and gap analyses to assess compliance maturity and identify non‑conformities.
• Design, introduce and operate a comprehensive Governance, Risk & Compliance (GR&C) framework using a risk‑led methodology.
• Drive implementation and continuous improvement of security controls, processes and policies aligned to regulatory and Vodafone Group requirements.
• Establish and manage a global repository of control requirements to streamline audit evidence, reduce duplication and enable “Audit/Evidence/Compliance as a Service.”
• Monitor ongoing compliance through continuous control evaluation and coordinate timely closure of identified gaps.
• Act as the primary point of contact for internal and external audits within the defined scope, including SOX and GDPR.
• Collaborate closely with Technology, Cyber Security, Finance, Legal and business teams to embed compliance into operational processes.
• Provide regular, clear reporting on compliance status, risks and remediation progress to senior leadership, including Group Technology leadership forums.

Who You Are

• Bring over five years’ experience in cyber security compliance, regulatory assurance, risk assessments and audits.
• Have strong working knowledge of ISO 27001, NIST, GDPR and emerging EU regulations such as the Cyber Resilience Act and Post‑Quantum Cryptography considerations.
• Have hands‑on experience designing and operating GR&C methodologies and using compliance and risk management tools.
• Are confident developing policies, procedures and control frameworks, and coordinating across diverse international stakeholders.
• Can communicate complex technical and regulatory topics clearly to both technical and non‑technical audiences.
• Demonstrate analytical thinking, sound judgement and adaptability in the face of evolving regulatory and threat landscapes.

What’s In It For You

• The opportunity to influence security and compliance strategy across a critical global technology function.
• Exposure to senior leadership and participation in high‑impact regulatory and transformation initiatives.
• A collaborative, international working environment with strong cross‑functional engagement.
• The ability to shape a future‑focused, risk‑led compliance model within Vodafone’s technology landscape.

What Skills You Will Learn

• Advanced application of risk‑based compliance and assurance methodologies at scale.
• Building and operating integrated audit and evidence management models.
• Navigating emerging EU and global cyber regulations within a complex enterprise.
• Strengthening stakeholder engagement and executive‑level reporting in regulated environments.

Equal Opportunity Employer

Vodafone recognises and celebrates the value of diversity in building a workforce that reflects the customers and communities it serves. No form of discrimination is tolerated. This includes, but is not limited to, discrimination based on race, colour, age, veteran status, gender identity, gender expression, sexual orientation, pregnancy, maternity or parental status, ethnicity, disability, religion or belief, political affiliation, trade union membership, nationality, citizenship, indigenous status, medical condition, HIV status, neurodiversity, social origin, cultural background, marital or civil partnership status, or socio‑economic background.

Alert: Apply for Vodafone jobs only through the official Vodafone Careers website to avoid job scams and fraud.