×
Apply for Jobs Apply for Jobs Post a Job Post a Job Local Jobs Home
Register Here to Apply for Jobs or Post Jobs. X
More jobs:
Cybersecurity Information Security

ISMS Compliance Manager

Job in Tucson, Pima County, Arizona, 85718, USA
Listing for: Hexagon Mining
Full Time position
Listed on 2026-06-21
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 100000 - 125000 USD Yearly USD 100000.00 125000.00 YEAR
Job Description & How to Apply Below

The Company

Hexagon is a global leader in digital reality solutions, combining sensor, software, and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality, and safety across industrial, manufacturing, infrastructure, public sector, and mobility applications. Our technologies are shaping the production and people-related ecosystems to become increasingly connected and autonomous — ensuring a scalable, sustainable future. Hexagon’s Mining division solves surface and underground mine challenges with proven technologies for planning, operations, and safety.

Hexagon (Nasdaq Stockholm: HEXA

B) has approximately 24,000 employees in 50 countries and net sales of approximately 5.5bn USD. Learn more at

The Role

The Compliance Manager is accountable for the design, operation, and continuous improvement of the organisation’s Information Security Management System (ISMS) and its associated certification programme. This role is not a technical security engineering position. Instead, it demands a highly organised, process-oriented compliance professional who can orchestrate cross-functional teams, manage external auditors, close control gaps, and ensure that the control environment remains audit-ready at all times.

The Compliance Manager serves as the primary interface between the organisation’s day-to-day operations and its ISO 27001 certification obligations.

Major Areas Of Responsibility
  • ISMS Program Ownership
    • Own, maintain, and continuously improve the ISO 27001‑aligned ISMS, including its scope, Statement of Applicability, risk treatment plan, and supporting documentation.
    • Serve as the internal subject‑matter authority for ISO/IEC 27001 requirements and supplementary standards.
    • Maintain the certification roadmap and annual audit calendar, coordinating with the certification body and internal audit.
    • Ensure alignment with strategy, business changes, regulatory updates, and threat shifts.
  • Control Framework Management
    • Maintain an authoritative ISO 27001 control framework, mapping Annex A controls to business processes, asset owners, and accountable teams.
    • Conduct and manage periodic control effectiveness assessments.
    • Drive gap remediation: identify deficiencies, assign owners, set target dates, track progress, and escalate as needed.
    • Ensure evidence artefacts are complete, current, and retained per the ISMS framework.
    • Manage policy and procedure lifecycle: drafting, review, approval, version control, and annual attestation.
  • Audit Management & Readiness
    • Scope, plan, and manage internal and external ISO 27001 audits.
    • Serve as liaison with the certification body: coordinate logistics, manage schedule, prepare meetings, facilitate auditor access.
    • Proactively assess control adequacy before audits.
    • Manage audit findings: root‑cause analysis, corrective actions, evidence of closure, follow‑up.
    • Maintain perpetual audit‑readiness posture.
  • Risk Management Integration
    • Facilitate risk assessment and treatment, identifying, evaluating, and treating information security risks.
    • Maintain the risk register and treatment plan, tracking decisions and progress.
    • Ensure risk outputs reflected in the SoA and control framework, escalating significant residual risks.
  • Cross‑Functional Stakeholder Engagement
    • Identify and engage owners across product, engineering, infrastructure, IT, legal, HR, and operations to obtain evidence, close gaps, and ensure control sustainability.
    • Facilitate Management Review meetings, prepare agenda, risk summaries, audit results, and improvement recommendations.
    • Develop stakeholder engagement model clarifying ISMS responsibilities.
    • Act as advisor to leadership on compliance posture, certification status, and risks.
    • Support teams on information security questions and customer security questionnaires.
    • Manage and support incident response efforts.
  • Compliance Programme Governance
    • Maintain a compliance calendar covering ISMS obligations.
    • Produce regular compliance status reports and dashboards.
    • Contribute to supplier assurance activities by assessing third‑party compliance requirements.
Key Stakeholders
  • VP of Information Technology and Data
  • Group Privacy and Information Security Officer
  • Group…
To View & Apply for jobs on this site that accept applications from your location or country, tap the button below to make a Search.
(If this job is in fact in your jurisdiction, then you may be using a Proxy or VPN to access this site, and to progress further, you should change your connectivity to another mobile device or PC).
 
 
 
Search for further Jobs Here:
(Try combinations for better Results! Or enter less keywords for broader Results)
Location
Increase/decrease your Search Radius (miles)
0
200
Filters
Education Level
Experience Level (years)
Posted in last:
Salary
Advanced Search