IS Compliance Manager - #44154

Calling all tech enthusiasts!

Are you the kind of compliance leader who would rather sit with the engineers than read the documentation about them? At Sidetrade, ISO 27001, SOC 1 and SOC 2 are not boxes to tick. They are the trust our customers buy. As Information Security Compliance Manager, you will own that trust day-to-day, lead our audits, walk into customer security conversations alongside Sales, and grow a talented Analyst by your side. Join us at Sidetrade, the leading global SaaS provider recognised by Gartner.

About Sidetrade:

Sidetrade is an AI company, listed on Euronext Growth, on a mission to revolutionize the way enterprises unlock value from their customers leveraging its Order-to-Cash Intelligence platform and its Data Lake.

We're proud of our 38 nationalities and these diverse perspectives drive our innovation, one team culture and a customer-first mindset. Sidetrade is positioned as a Gartner Magic Quadrant Leader since 2022.

We value passion over perfection. So, if you're eager to learn and bring great energy, we want to hear from you. Be you. Grow with us.

Curious about Sidetrade? Catch the Sidetrade Inside Out podcast.

Requirements

What you will be doing:

• Run Sidetrade's compliance programme and ISMS day-to-day, deputising for the customer-facing CISO function on technical and audit matters.
• Plan and lead the full external audit calendar: ISO 27001 surveillance and recertification, SOC 1 Type II and SOC 2 Type II.
• Run the ISO 27001 internal audit programme, including the annual blank / mock audit and management review preparation.
• Own how Sidetrade responds to customer and prospect security questionnaires, RFIs, RFPs and due-diligence requests, and grow a knowledge base that makes every next response faster than the last.
• Lead supplier and third-party security assessments end-to-end: intake, risk tiering and remediation tracking.
• Join prospect and customer security discussions alongside Sales, Pre-Sales and Customer Success, and present Sidetrade's security posture and certifications with the confidence of someone who actually built the controls.
• Contribute to reviewing and shaping the security sections of contracts, DPAs and security documents and keep customer security relationships strong well after the deal is signed.
• Develop, maintain and roll out information security policies, standards and procedures aligned with ISO 27001, SOC 1 and SOC 2 requirements.
• Run the information security risk management cycle (identification, assessment, treatment, monitoring) and chase remediation of audit findings and control gaps across every in-scope department.
• Make our GRC platform (Drata or equivalent) do the heavy lifting on evidence collection, control monitoring, policy management and continuous compliance.
• Produce the KPI dashboards and management reports that tell the real story of ISMS health, audit status, questionnaire throughput and supplier risk.
• Directly manage the Information Security Compliance Analyst: set clear objectives, prioritize the backlog, and run regular 1:1s and performance reviews.
• Coach and grow the Analyst on ISO 27001, SOC and audit practices, turning them into a more autonomous compliance professional over time.

What you will bring:

• A Bachelor's degree in Information Security, Computer Science, or a related field.
• At least five years of experience in an information security compliance role, including direct hands-on exposure to ISO 27001 and SOC audits.
• Strong working knowledge of Sidetrade's three core certifications: ISO 27001, SOC 1 Type II and SOC 2 Type II.
• ISO 27001 Lead Implementer certification or equivalent.
• Hands-on experience operating a GRC tool such as Drata, Vanta, OneTrust or equivalent.
• Proven experience handling customer security questionnaires and supplier security reviews at scale, ideally in a B2B SaaS context.
• Comfortable participating in prospect and customer calls alongside Sales and Pre-Sales, presenting security topics in a clear, commercially aware way to both technical and non-technical audiences.
• Experience operating a global ISMS across multiple business functions (Business, Finance, HR, Procurement, IT, Product, R&D).
• Demonstrated people-management skills: coaching and developing a junior team member, prioritising their workload, setting clear objectives and giving regular feedback.
• Genuine interest in technology, AI and operational engineering, with the ability to hold technical conversations with engineers, product managers and IT operations. This is not a paper-and-PDF compliance profile.
• Excellent written and verbal communication skills in English and French, including the ability to present security topics to customers, auditors and executives.
• High attention to detail, autonomy and the ability to work cross-functionally with technical and non-technical stakeholders.
• Build trust across the business by treating every interaction as a chance to strengthen the working relationship, and by finding compliance solutions that respect the operational and commercial constraints of the team in front of you.
• Working knowledge of PCI DSS controls and audit requirements.
• Familiarity with NIST CSF / 800-53 and ISO 27017 / 27018.
• Working knowledge of GDPR and general data privacy principles.

Benefits

• Hybrid work model – a flexible mix of in-office and remote days.
• Great culture – active Social Club organizing regular team events and activities.
• Health & wellness – medical coverage, life insurance, and other wellness programs.
• Time off – competitive paid holidays plus public holidays.
• Career growth & compensation – competitive salary, equal opportunities, Edenred card, learning & mentorship programs, and advancement support.

Because when you thrive, we all succeed!

We’re committed to providing a welcoming and inclusive experience for every candidate If you need any accommodation during the hiring process, just let us know.

Agencies

We only accept applications from invited agencies via our Workable portal. Unsolicited CVs sent to managers or HR won’t be subject to fees.