Information Security Compliance Manager

Orbus Software Group

City of London

On-site

GBP 50,000 - 70,000

Full time

30+ days ago

Job summary

A leading software company in the UK is seeking an experienced Information Security Compliance Manager. The role is vital for ensuring compliance with frameworks like ISO27001 and SOC 2 Type II. Candidates should possess a strong background in information security, experience in audits, and relevant certifications. This position offers a competitive salary and a hybrid working model.

Benefits

Competitive salary and benefits package
Hybrid working model
Innovative culture

Qualifications

  • Proven track record in information security compliance.
  • Direct experience with ISO27001 and SOC 2 Type II.
  • Familiarity with IRAP and FedRAMP is beneficial.

Responsibilities

  • Maintain compliance across ISO27001, IRAP, FedRAMP, and SOC 2 Type II.
  • Conduct regular internal audits and manage external audits.
  • Develop and review security policies and documentation.
  • Lead the risk management process and maintain the risk register.
  • Engage with stakeholders to implement required controls.

Skills

Information security compliance
Risk management
Audit processes
Communication skills

Education

CISM, CISA, CISSP, or ISO27001 Lead Auditor/Implementer certifications

Job description

About Orbus Software

Orbus Software is a leading provider of enterprise architecture software, supporting some of the world’s largest organisations in digital transformation and governance. With headquarters in the UK and offices in the USA, Australia, and satellite locations including Dubai and Qatar, we serve a truly global customer base. Security and compliance are at the heart of our business, underpinning our commitment to safeguarding customer data and maintaining trust.

The Role

We are seeking a hands‑on Information Security Compliance Manager to join our dynamic team. This role is key in ensuring Orbus Software maintains continuous compliance with major security frameworks, specifically ISO27001, IRAP, FedRAMP, and SOC 2 Type II. You will be the subject matter expert and primary point of contact for all compliance‑related activities, both internally and with external auditors.

Key Responsibilities
  • Compliance Management: Maintain and improve our compliance posture across ISO27001, IRAP, FedRAMP, and SOC 2 Type II frameworks, ensuring ongoing certification and audit‑readiness.
  • Internal Audits: Plan and conduct regular internal audits to verify adherence to security controls and compliance requirements. Identify gaps, recommend remediation, and track actions to completion.
  • External Audit Coordination: Act as the primary liaison with third‑party auditors, managing evidence collection, responding to requests, and ensuring timely delivery of audit materials.
  • Policy & Documentation: Develop, review, and update security policies, procedures, and documentation to ensure they meet the latest compliance standards and reflect business needs.
  • Risk Management: Lead the risk management process, including risk identification, assessment, mitigation, and reporting. Maintain the risk register and ensure leadership is informed of key risks and actions.
  • Stakeholder Engagement: Work closely with the leadership team and business units to ensure understanding and implementation of required controls. Provide guidance and training as needed.
  • Continuous Improvement: Identify opportunities to enhance security practices and compliance processes, driving a culture of continuous improvement across the business.
About You
  • Experience: Proven track record in information security compliance, ideally within a SaaS or software environment. Direct experience with ISO27001 and SOC 2 Type II is essential; knowledge of IRAP and FedRAMP is beneficial.
  • Skills: Strong knowledge of security controls, audit processes, and risk management. Excellent communication skills, with the ability to engage technical and non‑technical stakeholders.
  • Attributes: Detail‑oriented, organised, and proactive. Comfortable working independently.
  • Qualifications: Relevant certifications such as CISM, CISA, CISSP, or ISO27001 Lead Auditor/Implementer are highly desirable.
What’s in it for you!
  • The opportunity to shape and mature the compliance function in a growing, international software company.
  • A collaborative and innovative culture, where security is valued at every level.
  • Competitive salary and benefits package.
  • Hybrid working model: 3 days in the office and 2 days at home.
Living our Values at Orbus

Trust: We build trust across our people, customers and partners through honesty, transparency and communication.

Empowerment: We empower our customers and our people with growth, development and experience.

Clarity: We provide clarity and sense of purpose, focused on helping everyone achieve success and forging a clear vision of the future.

Harmony: We work as one team, collaborating closely so we can sustainably change and grow.

Find your place at Orbus - We're a diverse and inclusive workplace that promotes a sense of belonging allowing all of our people to bring their whole selves to work every day.

Recruitment Companies - Thank you for your interest in our roles – we do not accept unsolicited CVs from recruiters or employment agencies. We will not consider or agree to payment of any referral compensation or recruiter fee relating to any unsolicited CVs.

Offers of employment will be dependent on satisfactory references and background checks.
