IS Compliance Manager

FRANCE
1 day ago

Information Security Compliance Manager

As Information Security Compliance Manager, you will own that trust day-to-day, lead our audits, walk into customer security conversations alongside Sales, and grow a talented Analyst by your side.

What you will be doing:

  • Run Sidetrade's compliance programme and ISMS day-to-day, deputising for the customer-facing CISO function on technical and audit matters.
  • Plan and lead the full external audit calendar: ISO 27001 surveillance and recertification, SOC 1 Type II and SOC 2 Type II.
  • Run the ISO 27001 internal audit programme, including the annual mock (dry-run) audit and management review preparation.
  • Own how Sidetrade responds to customer and prospect security questionnaires, RFIs, RFPs and due-diligence requests, and grow a knowledge base that makes every next response faster than the last.
  • Lead supplier and third-party security assessments end-to-end: intake, risk tiering and remediation tracking.
  • Join prospect and customer security discussions alongside Sales, Pre-Sales and Customer Success, and present Sidetrade's security posture and certifications with the confidence of someone who actually built the controls.
  • Contribute to reviewing and shaping the security sections of contracts, DPAs and security documents and keep customer security relationships strong well after the deal is signed.
  • Develop, maintain and roll out information security policies, standards and procedures aligned with ISO 27001, SOC 1 and SOC 2 requirements.
  • Run the information security risk management cycle (identification, assessment, treatment, monitoring) and chase remediation of audit findings and control gaps across every in-scope department.
  • Make our GRC platform (Drata or equivalent) do the heavy lifting on evidence collection, control monitoring, policy management and continuous compliance.
  • Produce the KPI dashboards and management reports that tell the real story of ISMS health, audit status, questionnaire throughput and supplier risk.
  • Directly manage the Information Security Compliance Analyst: set clear objectives, prioritize the backlog, and run regular 1:1s and performance reviews.
  • Coach and grow the Analyst on ISO 27001, SOC and audit practices, turning them into a more autonomous compliance professional over time.

What you will bring:

  • A Bachelor's degree in Information Security, Computer Science, or a related field.
  • At least five years of experience in an information security compliance role, including direct hands‑on exposure to ISO 27001 and SOC audits.
  • Strong working knowledge of Sidetrade's three core certifications: ISO 27001, SOC 1 Type II and SOC 2 Type II.
  • ISO 27001 Lead Implementer certification or equivalent.
  • Hands‑on experience operating a GRC tool such as Drata, Vanta, OneTrust or equivalent.
  • Proven experience handling customer security questionnaires and supplier security reviews at scale, ideally in a B2B SaaS context.
  • Comfortable participating in prospect and customer calls alongside Sales and Pre‑Sales, presenting security topics in a clear, commercially aware way to both technical and non‑technical audiences.
  • Experience operating a global ISMS across multiple business functions (Business, Finance, HR, Procurement, IT, Product, R&D).
  • Demonstrated people‑management skills: coaching and developing a junior team member, prioritising their workload, setting clear objectives and giving regular feedback.
  • Genuine interest in technology, AI and operational engineering, with the ability to hold technical conversations with engineers, product managers and IT operations. This is not a paper‑and‑PDF compliance profile.
  • Excellent written and verbal communication skills in English and French, including the ability to present security topics to customers, auditors and executives.
  • High attention to detail, autonomy and the ability to work cross‑functionally with technical and non‑technical stakeholders.
  • The ability to build trust across the business by treating every interaction as a chance to strengthen the working relationship, and by finding compliance solutions that respect the operational and commercial constraints of the team in front of you.
  • Working knowledge of PCI DSS controls and audit requirements.
  • Familiarity with NIST CSF / 800‑53 and ISO 27017 / 27018.
  • Working knowledge of GDPR and general data privacy principles.

Benefits

  • Hybrid work model – a flexible mix of in‑office and remote days.
  • Great culture – active Social Club organising regular team events and activities.
  • Health & wellness – medical coverage, life insurance and other wellness programs.
  • Time off – competitive paid holidays plus public holidays.
  • Career growth & compensation – competitive salary, equal opportunities, Edenred card, learning & mentorship programs, and advancement support.

We’re committed to providing a welcoming and inclusive experience for every candidate. If you need any accommodation during the hiring process, just let us know.

Company: Sidetrade
Posting platform: WHATJOBS