Head of Compliance

The Job:

We are delighted to be assisting our client with their newly created role for a Head of Compliance. This is an exciting time to be joining this local, growing and forward thinking organising in Bristol. This role will be tolead their information security compliance efforts, specifically in line with ISO/IEC 27001 , ISO/IEC 42001 and Cyber Essentials PLUS standards. In this role you will be responsible for maintaining, auditing, and continuously improving their Information Security Management System (ISMS), overseeing compliance initiatives, coordinating with internal teams, and ensuring the organization remains audit-ready.

Additionally you will be implementing (alongside the technical and sales team) a Compliance as a Service ( CasS ) in which helps their clients with Pre Audits, Gap Analysis, Training and helping customer maintain their ISO Certifications.

Key Responsibilities:

• Instrumental in the building of a new Team to deliver CaaS and supporting services.
• Develop, implement, and maintain the Information Security Management System (ISMS) aligned with ISO/IEC 27001 and Cyber Essentials PLUS standards.
• Lead internal audits, gap assessments, and risk assessments for ISO 27001 and Cyber Essentials PLUS.
• Coordinate and manage external audits and certifications, including liaison with third-party auditors.
• Maintain the Statement of Applicability (SoA), Risk Treatment Plans, and supporting documentation.
• Identify compliance gaps and lead remediation activities.
• Oversee incident management, business continuity, and data protection processes as part of ISMS requirements.
• Stay current on changes to ISO 27001 and Cyber Essentials PLUS frameworks, regulatory expectations, and cybersecurity threats.
• Develop and deliver security and compliance awareness training across the organisation.
• Collaborate with IT, Legal, HR, and other departments to implement and maintain technical and procedural controls.
• Ensure timely and thorough documentation of controls, risk treatment actions, and evidence required for certification.

The Person:

For this role our client is looking for someone who has an in-depth knowledge of ISO/IEC 27001. For this role you could be a Lead Auditor, Compliance Officer or have led an ISO 27001 implementation for your organisation and are keen to progress your career. The following experience is also key in order to be successful in this role.

• ISO/IEC 27001 Lead Auditor or Lead Implementer certification.
• Familiarity with GDPR, NIS2, ISO/IEC 42001or other data protection and security regulations.
• Experience with GRC platforms or compliance automation tools.
• Cyber Essentials PLUS hands-on assessment or audit experience.
• Certifications such as CISSP, CISM, or CISA would be advantageous.

The Location:

Bristol (hybrid working)

The Hours:

Monday - Friday 9am - 5.30pm

The Salary:

£40-55,000