ISMS Compliance Manager
Hexagon Mining, Inc.
The Company:
Hexagon is a global leader in digital reality solutions, combining sensor, software, and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality, and safety across industrial, manufacturing, infrastructure, public sector, and mobility applications.
Our technologies are shaping the production and people-related ecosystems to become increasingly connected and autonomous — ensuring a scalable, sustainable future.
Hexagon’s Mining division solves surface and underground mine challenges with proven technologies for planning, operations, and safety.
Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,000 employees in 50 countries and net sales of approximately 5.5bn USD. Learn more at hexagon.com and follow us @HexagonAB.
The Role:
The Compliance Manager is accountable for the design, operation, and continuous improvement of the organisation’s Information Security Management System (ISMS) and its associated certification programme. This role is not a technical security engineering position. Instead, it demands a highly organised, process-oriented compliance professional who can orchestrate cross-functional teams, manage external auditors, close control gaps, and ensure that the control environment remains audit-ready at all times. The Compliance Manager serves as the primary interface between the organisation’s day-to-day operations and its ISO 27001 certification obligations.
Major Areas of Responsibility:
- ISMS Program Ownership
- Own, maintain, and continuously improve the ISO 27001-aligned Information Security Management System (ISMS), including its scope, Statement of Applicability (SoA), risk treatment plan, and all supporting documentation.
- Serve as the internal subject-matter authority for ISO/IEC 27001 standard requirements and, where applicable, supplementary standards (ISO 27002, 27005, 27017, 27018, SOC 2 overlap).
- Maintain the organisation’s certification roadmap and annual audit calendar, coordinating with the external certification body and any internal audit function.
- Ensure the ISMS programme remains aligned with organisational strategy, evolving business requirements, regulatory changes, and threat landscape shifts.
- Control Framework Management
- Maintain a complete, current, and authoritative ISO 27001 control framework, mapping Annex A controls (and relevant supplementary controls) to business processes, asset owners, and accountable teams.
- Conduct and manage periodic control effectiveness assessments to verify that controls are designed adequately and are operating as intended.
- Drive gap remediation: identify control deficiencies, assign remediation owners, set target dates, track progress to closure, and escalate where timelines are at risk.
- Ensure evidence artefacts (policies, procedures, records, logs, test results) are complete, current, well-organised, and retained in accordance with the ISMS evidence management framework.
- Manage policy and procedure lifecycle—drafting, review, approval, version control, and annual attestation—in collaboration with policy owners.
- Audit Management & Readiness
- Scope, plan, and manage both internal and external ISO 27001 audits (Stage 1, Stage 2 certification, and annual surveillance/recertification audits).
- Serve as the primary liaison with the external certification body: coordinate logistics, manage the audit schedule, prepare opening and closing meetings, and facilitate auditor access to systems, evidence, and personnel.
- Proactively assess control adequacy before external audits.
- Manage all audit findings (minor nonconformities, major nonconformities, and observations): ensure timely root cause analysis, corrective action plans, evidence of closure, and follow-up verification.
- Maintain a perpetual audit-readiness posture, ensuring the organisation can demonstrate an effective ISMS at any point during the certification cycle—not only at audit time.
- Risk Management Integration
- Facilitate the information security risk assessment and risk treatment process working with technical and business stakeholders to identify, evaluate, and treat information security risks.
- Maintain the risk register and risk treatment plan, tracking risk acceptance decisions, treatment progress, and residual risk posture.
- Ensure risk assessment outputs are reflected in the SoA and control framework, and that significant residual risks are escalated appropriately to leadership.
- Cross-Functional Stakeholder Engagement
- Identify and engage the correct accountable owners across product, engineering, infrastructure, IT, legal, HR, and business operations to obtain evidence, close gaps, and ensure control sustainability.
- Facilitate Management Review meetings as required by the standard, preparing agenda materials, risk summaries, audit result summaries, and improvement recommendations.
- Develop and maintain a stakeholder engagement model that clarifies each team’s ISMS responsibilities without requiring them to become compliance specialists.
- Act as a trusted advisor to leadership on the organisation’s compliance posture, certification status, and material risks.
- Support teams as they address questions regarding information security management, including responses to customer security questionnaires
- Manage and support incident response efforts, including containment, investigation, and recovery.
- Compliance Programme Governance
- Maintain a compliance calendar covering ISMS obligations—control reviews, policy attestations, risk assessments, internal audits, and external audit milestones.
- Produce regular compliance status reports and management dashboards that accurately reflect the state of the control environment, open gaps, and remediation progress.
- Contribute to supplier assurance activities by assessing third-party compliance requirements relevant to the ISMS scope.
Key Stakeholders:
This role will be successful if able to build relationships and work directly with the following stakeholders:
- VP of Information Technology and Data
- Group Privacy and Information Security Officer
- Group Governance, Risk, and Compliance
- SVP of Product
- SVP of Engineering
- Engineering Management
- Legal and Compliance
Knowledge and Experience - Required:
- Bachelor’s degree in Information Security, Computer Science, Business Administration, or a related field; or equivalent professional experience.
- 5+ years of experience in information security compliance, GRC (Governance, Risk, and Compliance), or audit management roles.
- Demonstrated, hands-on experience managing an ISO 27001 ISMS through at least one full certification or recertification audit cycle—including scoping, internal audits, external audit management, and nonconformity remediation.
- Proven ability to manage cross-functional stakeholders without direct authority—influencing product, engineering, HR, legal, and operations teams to meet compliance obligations.
- Experience maintaining control frameworks, risk registers, and ISMS documentation libraries.
- Track record of writing and managing information security policies and procedures.
Knowledge and Experience - Desired:
- Deep knowledge of the ISO/IEC 27001:2022 standard, Annex A controls, and supporting guidance in ISO/IEC 27002:2022.
- Strong understanding of information security risk assessment methodologies.
- Ability to read, interpret, and apply compliance and audit requirements without needing to be a hands-on technical security practitioner.
- Excellent written and verbal communication skills; able to translate complex compliance requirements into clear, actionable guidance for non-security audiences.
- Strong project and programme management skills: ability to manage multiple workstreams, deadlines, and stakeholders simultaneously.
- CISM (Certified Information Security Manager) or CRISC (Certified in Risk and Information Systems Control).
- Working knowledge of complementary frameworks such as SOC 2 (Type I/II), NIST CSF, CIS Controls, GDPR, or CCPA—particularly where they overlap with or supplement the ISO 27001 control environment.
- Prior experience in a regulated industry (financial services, healthcare, or public sector) where certification drives contractual or regulatory obligations.
Travel:
- Travel is expected to complete job function - including potential significant periods of travel related to coordination of audit readiness and execution. Overall travel is not to exceed 50% of time.
Hexagon is an Equal Opportunity Employer. We prohibit discrimination against any job applicant based on protected characteristics.
$106k - $197k
...compilation, which includes the development of submission/product registration dossiers of more complex products/programs. You develop and manage parts of comprehensive global regulatory submissions and registration plans. Specifically, you bring knowledge of USFDA regulations...SuggestedLocal areaRelocation package$21 per hour
...Description Job Overview: As the Compliance Coordinator, you will be responsible for regularly touring the neighborhoods street-... ...~Previous experience in compliance monitoring, property management, or related field is highly preferred Physical Requirements...SuggestedHourly payFull timeWork at officeLocal areaMonday to Friday- ...ProStratus, a Certified Level 2 Managed Security Service Provider (MSSP), is seeking a skilled CMMC Compliance Analyst to join our team. In this role, you will play a critical part in supporting our clients’ efforts to achieve and maintain Cybersecurity Maturity Model...Suggested
- ...physicians and advanced practice providers. This role ensures compliance with federal and state regulations, accreditation standards, payer... ...provider records and timely enrollment. Responsibilities Manage the credentialing and recredentialing process for physicians and...SuggestedWork at office
$10 per hour
...our nursing strategy, ensuring the highest standards of care, compliance, and innovation. You'll collaborate with executive leadership to... ...talent to build a high-performing, compassionate care team. Manage nursing budgets, staffing plans, and resource allocation to support...SuggestedTemporary workLocal area- ...government agencies. AKIVA is a certified Service-Disabled Veteran-Owned Small Business (SDVOSB). Position Overview The Compliance & HR Manager owns workforce compliance, onboarding administration, personnel documentation, employment eligibility verification,...Long term contractFull timeContract workTemporary workWork at officeLocal areaWork from homeFlexible hours
$36.19 per hour
Job Description Job Description Asset Protection & Security Services, a 30-year company, with 24 years of those years specializing in detention and transportation, is looking for people to be part of our team. If you meet the requirements or have questions, please ...- ...medical billing knowledge and understanding in order to monitor and manage accounts, claims, claims resolution, accounts receivable, and... ...etc.) Keep track and process accounts and incoming payments in compliance with financial policies and procedures. Send daily / weekly...Work at office
$200k - $250k
...delivery, quality improvement, workforce engagement, regulatory compliance, and organizational performance. This executive leader will... ...Financial & Operational Performance Provide oversight of labor management, productivity, operational budgets, and capital planning....Relocation package- ...term goals for the nursing staff. Anticipates and effectively manage changes in census and acuity and allocates nursing resources... ...nursing protocols within the facility to meet all regulatory, compliance and quality care standards. Responsible for the quality of care...
$130k - $160k
...services, ensuring high standards of patient care, regulatory compliance, staff development, and operational excellence within an inpatient... ...excellent leadership, communication, and operational management skills while fostering a culture centered on patient safety, clinical...- ...Expectations: Act as the Crew Chief for a field survey crew, managing and directing field survey operations for construction,... ...technology and equipment used in surveying. May perform mapping compliance or related office survey duties as a temporary assignment to...Temporary workFor contractorsWork at officeFlexible hoursNight shift
- ...Managing Director, Major Gifts About the Company Pioneering organization advancing the Technion-Israel Institute of Technology Industry Fund-Raising Type Non Profit Founded 1940 Employees 51-200 Categories Association...Local area
- ...understand how to build automation that scales with the product. You will bring structure to our testing strategy, own our test management processes in Qase, and ensure quality is embedded into our development lifecycle rather than treated as a final checkpoint. Your...Contract workRemote workFlexible hours
- Corrections professionals who foster a humane and secure environment and ensure public safety by preparing individuals for successful reentry into our communities. To be considered for the position, you must meet the following qualification requirements: Education There...Work at office
$157.2k - $298.8k
...Join us and help shape the future of aerospace and defense. The Compliance Associate Director role offers a high visibility opportunity... ...be comfortable with executive communication as well as change management and building / enhancing business processes and tools. What You...Full timeTemporary workWork experience placementWork at officeRemote workWorldwideFlexible hours- ...our internal rewards programUniforms paid for and launderedGEAR UP FOR YOUR ROLE:As a Crew Chief, you're an important part of our management team, focused on giving top-notch service to customers. You'll team up with the General Manager to guide the crew, keep things...Flexible hours
- ...Well-established organization providing youth development & leadership programs Industry Non-Profit Organization Management Type Non Profit Founded 1957 Employees 11-50 Specialties youth development charitable organization...Summer work
- ...strategies, and goals; maintain, update, and ensure procedural compliance for programs. Oversee implementation of plans and programs;... .... Serves as a dental advisor to the clinic administration and manager regarding the total program and objectives. Develops and...Work at office
- (Hiring) Director of Radiology We are seeking a Director Of Radiology to become a part of our team! You will coordinate medical and health services in hospitals, clinics or similar organizations. Responsibilities: Oversee medical and health service...
- ...advocate for the health center's oral health program both within the management team and with community partners. Develops, coordinates,... ...as well as with third party insurance resources. Ensures compliance with federal and state laws and regulations, the Arizona...Full timeTemporary workWork at officeLocal area
- ...certification and hands on experience working in radiology with patients prior to 5-7 years minimum leadership experience as imagining manager or director. Minimum education: Completion of JRCERT formal program in radiologic technology. Preferred education: Bachelor's...
$68.27k
...Additionally, this position requires a general skill level in the areas of sentence computation, sentencing laws, court processes, and compliance with court directives in order to address inmate inquiries. Along with all other correctional institution employees, incumbent...Hourly payFull timeTemporary workPart timeWork at office- Job Title Help Job Description Provides supervision, care and correctional treatment of inmates and guidance to lower-graded Correctional Officers. Incumbent is concerned with maintenance of institution security contributing to the health and welfare of the inmates...Local areaFlexible hoursShift work
- ...all aspects of pharmacy operations including dispensing, pharmaceutical care, clinical and community relations, and accreditation compliance. Plans and provides a completely integrated pharmacy program and coordinates these programs with all other departments within the...Contract workWork at office
$28.56 - $35.7 per hour
...multi‑tasked role requires initiative, resourcefulness, and sound judgment. The Executive Associate will support senior leadership by managing complex calendars, travel arrangements, drafting communications, preparing meeting documents, assisting with event/meeting...Hourly payWork experience placementWork at office- ...provided, intervening when necessary to guide improvements. Compliance and Regulation: Regularly review and enforce compliance with... ...approach is used to maximize outcomes. Resource Management: Allocate physical, financial, and human resources efficiently...Immediate startFlexible hours
$25.75 per hour
...Knowledge Skills And Abilities Excellent oral and written communication skills demonstrated by communicating with other functions and management regarding resolving testing, investigations and theory. Strong data-analysis skills, with clear demonstrated understanding of...Hourly payWork experience placementImmediate startShift work$28.56 - $35.7 per hour
...environment requiring the incumbent to perform with initiative, resourcefulness, and sound judgment. Responsibilities include tasks such as managing complex calendars, travel arrangements, drafting communications, preparing meeting documents, assisting with event/meeting...Hourly payFull timeWork experience placementWork at officeRelocation- ...that's close to home and heart in your community? A clinical rehab liaison at Encompass Health cultivates referral relationships, manages assigned territory and completes patient assessments. You'll play a crucial role in helping us drive growth through patient referrals...Full timePart timeFlexible hours
Do you want to receive more vacancies?
Subscribe and receive similar vacancies to ISMS Compliance Manager. Be the first to apply!
- compliance technician Tucson, AZ
- regulatory compliance specialist Tucson, AZ
- regulatory affairs consultant Tucson, AZ
- compliance team leader Tucson, AZ
- legal compliance Tucson, AZ
- customs compliance Tucson, AZ
- dot compliance Tucson, AZ
- compliance Tucson, AZ
- compliance investigator Tucson, AZ
- regulatory compliance Tucson, AZ


