We are looking for a Senior Compliance Manager with strong and seasoned hands-on experience in IT service companies to lead our compliance and data protection framework from a contractual, regulatory, and information security perspective.
This role is operational and execution-focused, not advisory only. You will be responsible for building, implementing, and maintaining a robust compliance program that is closely tailored to our software engineering services business model and complies with the data security and contractual requirements of our enterprise-level clients.
Day-to-day, you will translate client contractual obligations into actionable compliance controls, work closely with the Legal, Delivery, IT, and Security Departments to evaluate and identify vulnerabilities, propose and implement workable solutions, and ensure continuous audit readiness (ISO 27001, SOC 2, and client-driven audits). This role also involves supporting internal and external audits, client due diligence questionnaires, vendor risk activities, internal compliance onboarding and ongoing training of Proxet personnel, and ongoing alignment with client security expectations across multiple jurisdictions (U.S., Europe, Latin America).
If you understand how compliance works inside a global IT services organization, this role is for you.

Responsibilities
* Review and interpret client contractual requirements with respect to security, compliance, and data privacy, and translate them into actionable and deployable operational activities consistent with industry practice for a software engineering services business.
* Build and maintain a compliance chart per client by mapping client requirements to internal controls. Identify gaps and coordinate remediation with the IT, Security, Delivery, and Legal Departments.
* Conduct quarterly internal compliance audits across projects.
* Implement and maintain GDPR compliance; support DPA review and negotiation.
* Ensure new client pre-sales and onboarding align with the Company's compliance program.
* Ensure proper data classification and data handling controls.
* Contribute to the development and maintenance of internal policies, procedures, and controls related to security and compliance.
* Perform risk assessments and develop appropriate risk treatment plans.
* Support vendor and third-party risk management processes and assessments.
* Monitor changes in the regulatory landscape and translate them into actionable recommendations.
* Create and deliver Company-wide, appropriately tailored awareness training on data protection and regulatory compliance requirements for internal teams.
* Act as the point of contact for compliance-related topics during engagements and audits.
* Apply data retention and secure data disposal requirements in line with regulatory and contractual obligations.
* Follow and support the Company's established cybersecurity standards and roadmap, ensuring alignment with defined requirements, milestones, and priorities.
* Prepare compliance dashboards and reports for leadership.
Requirements
* 5+ years of experience in compliance, GRC, or risk management.
* 4+ years of experience in compliance at an IT service/outsourcing company.
* Hands-on experience with security frameworks (e.g., ISO/IEC 27001, SOC 2), including standards implementation and remediation.
* Excellent English skills, including familiarity with and strong review skills for contracts (MSA, SOW, DPA), and experience collaborating with Legal Departments.
* Strong familiarity with global data protection laws (GDPR, CCPA/CPRA, UK GDPR) and practical GDPR, CCPA/CPRA, and DPF implementation experience.
* Understanding of industry-specific compliance and regulatory standards across sectors, including funds, healthcare, and private equity.
* Ability to support Engineering (Delivery) by identifying and tracking compliance issues and coordinating timely mitigation actions with relevant stakeholders.
* Ability to translate regulatory and security requirements into practical, business-aligned, actionable controls.
* Ability to conduct risk assessments and define appropriate risk treatment measures.
* Understanding of data handling, intellectual property rights, and related contractual considerations.
* Experience with controls and governance for AI usage.
* Experience preparing and maintaining documentation for audits, regulators, and clients.
* Strong attention to detail and ability to manage multiple compliance initiatives in parallel.
* Strong communication and interpersonal skills.
* Strong documentation skills and high attention to detail.
* English: Upper intermediate or higher.
* Ability to work independently and as part of a team.
Would be a plus:
* Experience with regulatory requirements across multiple jurisdictions (e.g., U.S., Europe, Latin America).
* Practical experience with BCP/DRP implementation and maintenance.
* Hands-on experience with healthcare compliance frameworks (e.g., HIPAA).
* Experience with investment fund clients and domain expertise in the private equity vertical, including PCI DSS.
* Professional certifications such as CCEP, CISA, CISM, CRISC, CISSP, or equivalent.
* Experience in data-intensive projects (DWH, BI, AI, analytics).