
IS Compliance Manager

PARIS, 75
1 day ago

Requirements

  • A Bachelor's degree in Information Security, Computer Science, or a related field
  • At least five years of experience in an information security compliance role, including direct hands‑on exposure to ISO 27001 and SOC audits
  • Strong working knowledge of Sidetrade's three core certifications: ISO 27001, SOC 1 Type II and SOC 2 Type II
  • ISO 27001 Lead Implementer certification or equivalent
  • Hands‑on experience operating a GRC tool such as Drata, Vanta, OneTrust or equivalent
  • Proven experience handling customer security questionnaires and supplier security reviews at scale, ideally in a B2B SaaS context
  • Comfortable participating in prospect and customer calls alongside Sales and Pre‑Sales, presenting security topics in a clear, commercially aware way to both technical and non‑technical audiences
  • Experience operating a global ISMS across multiple business functions (Business, Finance, HR, Procurement, IT, Product, R&D)
  • Demonstrated people‑management skills: coaching and developing a junior team member, prioritising their workload, setting clear objectives and giving regular feedback
  • Genuine interest in technology, AI and operational engineering, with the ability to hold technical conversations with engineers, product managers and IT operations. This is not a paper‑and‑PDF compliance profile
  • Excellent written and verbal communication skills in English and French, including the ability to present security topics to customers, auditors and executives
  • High attention to detail, autonomy and the ability to work cross‑functionally with technical and non‑technical stakeholders
  • Build trust across the business by treating every interaction as a chance to strengthen the working relationship, and by finding compliance solutions that respect the operational and commercial constraints of the team in front of you
  • Working knowledge of PCI DSS controls and audit requirements
  • Familiarity with NIST CSF / 800‑53 and ISO 27017 / 27018
  • Working knowledge of GDPR and general data privacy principles

What the job involves

  • Run Sidetrade's compliance programme and ISMS day‑to‑day, deputising for the customer‑facing CISO function on technical and audit matters
  • Plan and lead the full external audit calendar: ISO 27001 surveillance and recertification, SOC 1 Type II and SOC 2 Type II
  • Run the ISO 27001 internal audit programme, including the annual blank / mock audit and management review preparation
  • Own how Sidetrade responds to customer and prospect security questionnaires, RFIs, RFPs and due‑diligence requests, and grow a knowledge base that makes every next response faster than the last
  • Lead supplier and third‑party security assessments end‑to‑end: intake, risk tiering and remediation tracking
  • Join prospect and customer security discussions alongside Sales, Pre‑Sales and Customer Success, and present Sidetrade's security posture and certifications with the confidence of someone who actually built the controls
  • Contribute to reviewing and shaping the security sections of contracts, DPAs and security documents and keep customer security relationships strong well after the deal is signed
  • Develop, maintain and roll out information security policies, standards and procedures aligned with ISO 27001, SOC 1 and SOC 2 requirements
  • Run the information security risk management cycle (identification, assessment, treatment, monitoring) and chase remediation of audit findings and control gaps across every in‑scope department
  • Make our GRC platform (Drata or equivalent) do the heavy lifting on evidence collection, control monitoring, policy management and continuous compliance
  • Produce the KPI dashboards and management reports that tell the real story of ISMS health, audit status, questionnaire throughput and supplier risk
  • Directly manage the Information Security Compliance Analyst: set clear objectives, prioritise the backlog, and run regular 1:1s and performance reviews
  • Coach and grow the Analyst on ISO 27001, SOC and audit practices, turning them into a more autonomous compliance professional over time
Company
Sidetrade
Publishing platform
WHATJOBS