Sign up to access all features of our service.
  • Job search
  • Favorites
  • Create a CV
    New
  • Salaries
  • Subscriptions

ISMS Compliance Manager

Full-time

Hexagon Mining, Inc.

The Company:

Hexagon is a global leader in digital reality solutions, combining sensor, software, and autonomous technologies. We are putting data to work to boost efficiency, productivity, quality, and safety across industrial, manufacturing, infrastructure, public sector, and mobility applications.

Our technologies are shaping the production and people-related ecosystems to become increasingly connected and autonomous — ensuring a scalable, sustainable future.

Hexagon’s Mining division solves surface and underground mine challenges with proven technologies for planning, operations, and safety.

Hexagon (Nasdaq Stockholm: HEXA B) has approximately 24,000 employees in 50 countries and net sales of approximately 5.5bn USD. Learn more at hexagon.com and follow us @HexagonAB.

The Role:

The Compliance Manager is accountable for the design, operation, and continuous improvement of the organisation’s Information Security Management System (ISMS) and its associated certification programme. This role is not a technical security engineering position. Instead, it demands a highly organised, process-oriented compliance professional who can orchestrate cross-functional teams, manage external auditors, close control gaps, and ensure that the control environment remains audit-ready at all times. The Compliance Manager serves as the primary interface between the organisation’s day-to-day operations and its ISO 27001 certification obligations.

Major Areas of Responsibility:

  • ISMS Program Ownership
    • Own, maintain, and continuously improve the ISO 27001-aligned Information Security Management System (ISMS), including its scope, Statement of Applicability (SoA), risk treatment plan, and all supporting documentation.
    • Serve as the internal subject-matter authority for ISO/IEC 27001 standard requirements and, where applicable, supplementary standards (ISO 27002, 27005, 27017, 27018, SOC 2 overlap).
    • Maintain the organisation’s certification roadmap and annual audit calendar, coordinating with the external certification body and any internal audit function.
    • Ensure the ISMS programme remains aligned with organisational strategy, evolving business requirements, regulatory changes, and threat landscape shifts.
  • Control Framework Management
    • Maintain a complete, current, and authoritative ISO 27001 control framework, mapping Annex A controls (and relevant supplementary controls) to business processes, asset owners, and accountable teams.
    • Conduct and manage periodic control effectiveness assessments to verify that controls are designed adequately and are operating as intended.
    • Drive gap remediation: identify control deficiencies, assign remediation owners, set target dates, track progress to closure, and escalate where timelines are at risk.
    • Ensure evidence artefacts (policies, procedures, records, logs, test results) are complete, current, well-organised, and retained in accordance with the ISMS evidence management framework.
    • Manage policy and procedure lifecycle—drafting, review, approval, version control, and annual attestation—in collaboration with policy owners.
  • Audit Management & Readiness
    • Scope, plan, and manage both internal and external ISO 27001 audits (Stage 1, Stage 2 certification, and annual surveillance/recertification audits).
    • Serve as the primary liaison with the external certification body: coordinate logistics, manage the audit schedule, prepare opening and closing meetings, and facilitate auditor access to systems, evidence, and personnel.
    • Proactively assess control adequacy before external audits.
    • Manage all audit findings (minor nonconformities, major nonconformities, and observations): ensure timely root cause analysis, corrective action plans, evidence of closure, and follow-up verification.
    • Maintain a perpetual audit-readiness posture, ensuring the organisation can demonstrate an effective ISMS at any point during the certification cycle—not only at audit time.
  • Risk Management Integration
    • Facilitate the information security risk assessment and risk treatment process working with technical and business stakeholders to identify, evaluate, and treat information security risks.
    • Maintain the risk register and risk treatment plan, tracking risk acceptance decisions, treatment progress, and residual risk posture.
    • Ensure risk assessment outputs are reflected in the SoA and control framework, and that significant residual risks are escalated appropriately to leadership.
  • Cross-Functional Stakeholder Engagement
    • Identify and engage the correct accountable owners across product, engineering, infrastructure, IT, legal, HR, and business operations to obtain evidence, close gaps, and ensure control sustainability.
    • Facilitate Management Review meetings as required by the standard, preparing agenda materials, risk summaries, audit result summaries, and improvement recommendations.
    • Develop and maintain a stakeholder engagement model that clarifies each team’s ISMS responsibilities without requiring them to become compliance specialists.
    • Act as a trusted advisor to leadership on the organisation’s compliance posture, certification status, and material risks.
    • Support teams as they address questions regarding information security management, including responses to customer security questionnaires
    • Manage and support incident response efforts, including containment, investigation, and recovery.
  • Compliance Programme Governance
    • Maintain a compliance calendar covering ISMS obligations—control reviews, policy attestations, risk assessments, internal audits, and external audit milestones.
    • Produce regular compliance status reports and management dashboards that accurately reflect the state of the control environment, open gaps, and remediation progress.
    • Contribute to supplier assurance activities by assessing third-party compliance requirements relevant to the ISMS scope.

Key Stakeholders:

This role will be successful if able to build relationships and work directly with the following stakeholders:

  • VP of Information Technology and Data
  • Group Privacy and Information Security Officer
  • Group Governance, Risk, and Compliance
  • SVP of Product
  • SVP of Engineering
  • Engineering Management
  • Legal and Compliance

Knowledge and Experience - Required:

  • Bachelor’s degree in Information Security, Computer Science, Business Administration, or a related field; or equivalent professional experience.
  • 5+ years of experience in information security compliance, GRC (Governance, Risk, and Compliance), or audit management roles.
  • Demonstrated, hands-on experience managing an ISO 27001 ISMS through at least one full certification or recertification audit cycle—including scoping, internal audits, external audit management, and nonconformity remediation.
  • Proven ability to manage cross-functional stakeholders without direct authority—influencing product, engineering, HR, legal, and operations teams to meet compliance obligations.
  • Experience maintaining control frameworks, risk registers, and ISMS documentation libraries.
  • Track record of writing and managing information security policies and procedures.

Knowledge and Experience - Desired:

  • Deep knowledge of the ISO/IEC 27001:2022 standard, Annex A controls, and supporting guidance in ISO/IEC 27002:2022.
  • Strong understanding of information security risk assessment methodologies.
  • Ability to read, interpret, and apply compliance and audit requirements without needing to be a hands-on technical security practitioner.
  • Excellent written and verbal communication skills; able to translate complex compliance requirements into clear, actionable guidance for non-security audiences.
  • Strong project and programme management skills: ability to manage multiple workstreams, deadlines, and stakeholders simultaneously.
  • CISM (Certified Information Security Manager) or CRISC (Certified in Risk and Information Systems Control).
  • Working knowledge of complementary frameworks such as SOC 2 (Type I/II), NIST CSF, CIS Controls, GDPR, or CCPA—particularly where they overlap with or supplement the ISO 27001 control environment.
  • Prior experience in a regulated industry (financial services, healthcare, or public sector) where certification drives contractual or regulatory obligations.

Travel:

  • Travel is expected to complete job function - including potential significant periods of travel related to coordination of audit readiness and execution. Overall travel is not to exceed 50% of time.

Hexagon is an Equal Opportunity Employer. We prohibit discrimination against any job applicant based on protected characteristics.

Vacancy posted 24 days ago
Similar jobs that could be interesting for youBased on the ISMS Compliance Manager in Tucson, AZ vacancy
  • $106k - $197k

     ...compilation, which includes the development of submission/product registration dossiers of more complex products/programs. You develop and manage parts of comprehensive global regulatory submissions and registration plans. Specifically, you bring knowledge of USFDA regulations... 
    Suggested
    Local area
    Relocation package

    Roche

    Tucson, AZ
    1 day ago
  • $21 per hour

     ...Description Job Overview: As the Compliance Coordinator, you will be responsible for regularly touring the neighborhoods street-...  ...~​Previous experience in compliance monitoring, property management, or related field is highly preferred Physical Requirements... 
    Suggested
    Hourly pay
    Full time
    Work at office
    Local area
    Monday to Friday

    FirstService Residential

    Tucson, AZ
    4 days ago
  •  ...ProStratus, a Certified Level 2 Managed Security Service Provider (MSSP), is seeking a skilled CMMC Compliance Analyst to join our team. In this role, you will play a critical part in supporting our clients’ efforts to achieve and maintain Cybersecurity Maturity Model... 
    Suggested

    ProStratus

    Tucson, AZ
    11 hours ago
  •  ...physicians and advanced practice providers. This role ensures compliance with federal and state regulations, accreditation standards, payer...  ...provider records and timely enrollment. Responsibilities Manage the credentialing and recredentialing process for physicians and... 
    Suggested
    Work at office

    Pain Institute of Southern Arizona

    Tucson, AZ
    3 days ago
  • $10 per hour

     ...our nursing strategy, ensuring the highest standards of care, compliance, and innovation. You'll collaborate with executive leadership to...  ...talent to build a high-performing, compassionate care team. Manage nursing budgets, staffing plans, and resource allocation to support... 
    Suggested
    Temporary work
    Local area

    LifePoint Health

    Tucson, AZ
    3 days ago
  •  ...government agencies. AKIVA is a certified Service-Disabled Veteran-Owned Small Business (SDVOSB). Position Overview The Compliance & HR Manager owns workforce compliance, onboarding administration, personnel documentation, employment eligibility verification,... 
    Long term contract
    Full time
    Contract work
    Temporary work
    Work at office
    Local area
    Work from home
    Flexible hours

    AKIVA AI

    Tucson, AZ
    27 days ago
  • $36.19 per hour

    Job Description Job Description Asset Protection & Security Services, a 30-year company, with 24 years of those years specializing in detention and transportation, is looking for people to be part of our team. If you meet the requirements or have questions, please ...

    Asset Protection and Security

    Tucson, AZ
    23 days ago
  •  ...medical billing knowledge and understanding in order to monitor and manage accounts, claims, claims resolution, accounts receivable, and...  ...etc.) Keep track and process accounts and incoming payments in compliance with financial policies and procedures. Send daily / weekly... 
    Work at office

    FocusHR

    Tucson, AZ
    6 hours ago
  • $200k - $250k

     ...delivery, quality improvement, workforce engagement, regulatory compliance, and organizational performance. This executive leader will...  ...Financial & Operational Performance Provide oversight of labor management, productivity, operational budgets, and capital planning.... 
    Relocation package

    Midland-Marvel

    Tucson, AZ
    2 days ago
  •  ...term goals for the nursing staff. Anticipates and effectively manage changes in census and acuity and allocates nursing resources...  ...nursing protocols within the facility to meet all regulatory, compliance and quality care standards. Responsible for the quality of care... 

    Noor Staffing Group

    Tucson, AZ
    27 days ago
  • $130k - $160k

     ...services, ensuring high standards of patient care, regulatory compliance, staff development, and operational excellence within an inpatient...  ...excellent leadership, communication, and operational management skills while fostering a culture centered on patient safety, clinical... 

    Taphealthcare

    Tucson, AZ
    26 days ago
  •  ...Expectations: Act as the Crew Chief for a field survey crew, managing and directing field survey operations for construction,...  ...technology and equipment used in surveying. May perform mapping compliance or related office survey duties as a temporary assignment to... 
    Temporary work
    For contractors
    Work at office
    Flexible hours
    Night shift

    Alta Southwest

    Tucson, AZ
    5 hours ago
  •  ...Managing Director, Major Gifts About the Company Pioneering organization advancing the Technion-Israel Institute of Technology Industry Fund-Raising Type Non Profit Founded 1940 Employees 51-200 Categories Association... 
    Local area

    Confidential

    Tucson, AZ
    11 hours ago
  •  ...understand how to build automation that scales with the product. You will bring structure to our testing strategy, own our test management processes in Qase, and ensure quality is embedded into our development lifecycle rather than treated as a final checkpoint. Your... 
    Contract work
    Remote work
    Flexible hours

    GrabJobs

    Tucson, AZ
    4 days ago
  • Corrections professionals who foster a humane and secure environment and ensure public safety by preparing individuals for successful reentry into our communities. To be considered for the position, you must meet the following qualification requirements: Education There...
    Work at office

    Bureau of Prisons / Federal Prison System

    Tucson, AZ
    2 days ago
  • $157.2k - $298.8k

     ...Join us and help shape the future of aerospace and defense. The Compliance Associate Director role offers a high visibility opportunity...  ...be comfortable with executive communication as well as change management and building / enhancing business processes and tools. What You... 
    Full time
    Temporary work
    Work experience placement
    Work at office
    Remote work
    Worldwide
    Flexible hours

    RTX

    Tucson, AZ
    4 days ago
  •  ...our internal rewards programUniforms paid for and launderedGEAR UP FOR YOUR ROLE:As a Crew Chief, you're an important part of our management team, focused on giving top-notch service to customers. You'll team up with the General Manager to guide the crew, keep things... 
    Flexible hours

    Team Car Care West, LLC (US)

    Tucson, AZ
    2 days ago
  •  ...Well-established organization providing youth development & leadership programs Industry Non-Profit Organization Management Type Non Profit Founded 1957 Employees 11-50 Specialties youth development charitable organization... 
    Summer work

    Confidential

    Tucson, AZ
    6 hours ago
  •  ...strategies, and goals; maintain, update, and ensure procedural compliance for programs. Oversee implementation of plans and programs;...  .... Serves as a dental advisor to the clinic administration and manager regarding the total program and objectives. Develops and... 
    Work at office

    Pascua Yaqui Tribe

    Tucson, AZ
    3 days ago
  • (Hiring) Director of Radiology We are seeking a Director Of Radiology to become a part of our team! You will coordinate medical and health services in hospitals, clinics or similar organizations. Responsibilities: Oversee medical and health service...

    Viper Staffing Services L.L.C.

    Tucson, AZ
    11 days ago
  •  ...advocate for the health center's oral health program both within the management team and with community partners. Develops, coordinates,...  ...as well as with third party insurance resources. Ensures compliance with federal and state laws and regulations, the Arizona... 
    Full time
    Temporary work
    Work at office
    Local area

    Sunset Community Health Center

    Tucson, AZ
    4 days ago
  •  ...certification and hands on experience working in radiology with patients prior to 5-7 years minimum leadership experience as imagining manager or director. Minimum education: Completion of JRCERT formal program in radiologic technology. Preferred education: Bachelor's... 

    Veracity

    Tucson, AZ
    11 days ago
  • $68.27k

     ...Additionally, this position requires a general skill level in the areas of sentence computation, sentencing laws, court processes, and compliance with court directives in order to address inmate inquiries. Along with all other correctional institution employees, incumbent... 
    Hourly pay
    Full time
    Temporary work
    Part time
    Work at office

    Commander, Navy Installations Command

    Tucson, AZ
    4 days ago
  • Job Title Help Job Description Provides supervision, care and correctional treatment of inmates and guidance to lower-graded Correctional Officers. Incumbent is concerned with maintenance of institution security contributing to the health and welfare of the inmates...
    Local area
    Flexible hours
    Shift work

    Department of Justice

    Tucson, AZ
    3 days ago
  •  ...all aspects of pharmacy operations including dispensing, pharmaceutical care, clinical and community relations, and accreditation compliance. Plans and provides a completely integrated pharmacy program and coordinates these programs with all other departments within the... 
    Contract work
    Work at office

    Department of Justice

    Tucson, AZ
    3 days ago
  • $28.56 - $35.7 per hour

     ...multi‑tasked role requires initiative, resourcefulness, and sound judgment. The Executive Associate will support senior leadership by managing complex calendars, travel arrangements, drafting communications, preparing meeting documents, assisting with event/meeting... 
    Hourly pay
    Work experience placement
    Work at office

    Phase2 Technology

    Tucson, AZ
    2 days ago
  •  ...provided, intervening when necessary to guide improvements. Compliance and Regulation: Regularly review and enforce compliance with...  ...approach is used to maximize outcomes. Resource Management: Allocate physical, financial, and human resources efficiently... 
    Immediate start
    Flexible hours

    TMC

    Tucson, AZ
    1 day ago
  • $25.75 per hour

     ...Knowledge Skills And Abilities Excellent oral and written communication skills demonstrated by communicating with other functions and management regarding resolving testing, investigations and theory. Strong data-analysis skills, with clear demonstrated understanding of... 
    Hourly pay
    Work experience placement
    Immediate start
    Shift work

    Zing! Recruiting

    Oro Valley, AZ
    7 hours ago
  • $28.56 - $35.7 per hour

     ...environment requiring the incumbent to perform with initiative, resourcefulness, and sound judgment. Responsibilities include tasks such as managing complex calendars, travel arrangements, drafting communications, preparing meeting documents, assisting with event/meeting... 
    Hourly pay
    Full time
    Work experience placement
    Work at office
    Relocation

    University of Arizona

    Tucson, AZ
    2 days ago
  •  ...that's close to home and heart in your community? A clinical rehab liaison at Encompass Health cultivates referral relationships, manages assigned territory and completes patient assessments. You'll play a crucial role in helping us drive growth through patient referrals... 
    Full time
    Part time
    Flexible hours

    HealthSouth

    Tucson, AZ
    1 day ago

Do you want to receive more vacancies?

Subscribe and receive similar vacancies to ISMS Compliance Manager. Be the first to apply!