Senior Compliance Officer

Thales

Ottawa, Full-time, Mid Level, On-site
From CA$80/yr

Job Description

The Senior Cloud Services Compliance Officer is responsible for leading and overseeing compliance initiatives for Cloud Services at the cloud services domain level, with a focus on managing complex audit processes, customer security and compliance assessments, regulatory compliance, and internal security and privacy programs. This individual will collaborate with senior management of business units and external stakeholders to ensure compliance with internal policies, industry standards, and regulatory requirements across multiple jurisdictions.

The Senior Compliance Manager will also play a critical role in supporting strategic direction for compliance practices, driving continuous improvement, and ensuring robust risk mitigation in Cloud Services operations.

Key Responsibilities

Cybersecurity Compliance Programs: Serve as the point of contact for managing all compliance and audit activities related to assigned Cloud Services, acting as a trusted partner to the assigned Cloud Services. Lead interactions with both internal and external auditors (including external regulatory bodies, internal Thales auditors, and third‑party auditors), ensuring efficient and effective audit processes.

Support the development, implementation, and maintenance of compliance programs to meet the organization’s strategic objectives and regional regulatory requirements.

Audit Strategy and Execution: Lead the preparation and execution of internal and external audits across assigned Cloud Services, ensuring compliance with established corporate policies/standards, industry standards, and regulatory requirements. Develop and implement audit strategies for the assigned Cloud Services, ensuring audits are proactive, risk‑based, and aligned with business priorities, while ensuring a continuous improvement approach.

Advanced Compliance and Risk Management: Lead and enhance risk management and improve controls for assigned Cloud Services, ensuring compliance with both internal policies and external regulatory requirements. Support and improve the Cloud Services Change Management, Business Continuity Plan (BCP), and Disaster Recovery (DR) related controls to ensure compliance with corporate policy/standards and business continuity regulations and best practices. Maintain and update key governance, risk management and compliance documentation, including ISMS 27001, ISO 27017/18 mandatory documents, ensuring alignment with corporate policy and evolving industry standards.

Policy Development and Process Improvement: Support the development, review, and implementation of cybersecurity compliance policies, standards and procedures to continue improving internal controls, audit readiness, and risk mitigation. Recommend and drive the implementation of cybersecurity policies and standards aimed at improving Cloud Services’ compliance posture, ensuring policies are aligned with business objectives and regulatory expectations. Regularly assess and refine compliance workflows to optimize efficiency and alignment with evolving compliance frameworks.

Global Compliance Management: Partner with cross‑functional teams in analyzing cybersecurity compliance requirements across functions, ensuring adherence to local and international regulations (e.g., GDPR, CCPA). Support the development of global compliance strategies, ensuring supported Cloud Services units are aware of evolving global cybersecurity and privacy laws and that cross‑border data transfers are compliant with corporate policies and standards.

Support and Advisory for Cloud Services Units: Provide cybersecurity compliance guidance and support to sales, presales, product management, and other business units on cybersecurity compliance‐related matters, including RFPs, RFIs, security & compliance questionnaires, and client security inquiries.

Be the primary advisor to assigned Cloud Services on complex compliance and security topics, providing recommendations for risk mitigation, process improvements, and regulatory adherence.

Customer and Stakeholder Engagement: Engage directly with key customers to address complex compliance and security questions, and to support ongoing trust‑building initiatives. Ensure the communication of compliance requirements and audit results to relevant stakeholders, including customers, partners, and regulators.

Continuous Monitoring and Reporting: Oversee the ongoing monitoring of compliance programs to ensure that they remain effective and aligned with the organization’s security goals and business objectives. Develop and provide regular compliance reports to senior management, highlighting audit results, risk areas, and the status of corrective actions.

7+ years of experience in cybersecurity compliance and certifications, preferably within cloud services environments. Proven experience independently leading and conducting internal and external audits, including risk assessments and remediation activities.

Strong knowledge and experience working with industry‑leading information security standards, such as ISO 27001, ISO 27017/18, SOC 2, FedRAMP, CSA, PCI‑DSS and Data Privacy Regulations (e.g., GDPR). Solid understanding of cloud environments (e.g., AWS, Azure, GCP) and cloud security fundamentals. Demonstrated ability to effectively communicate and collaborate with a broad range of internal and external stakeholders, including business units, senior leadership, auditors, and regulators.

Preferred Qualifications

7‑10 years of experience in cybersecurity compliance, risk management, or information security. Experience in cloud computing or SaaS environments is highly preferred. Certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), or similar certifications are strongly preferred.

Strong knowledge and practical experience with ISO 27001, SOC 2, PCI DSS, GDPR, NIST, and other relevant frameworks. Proven experience in leading complex audits, with the ability to work closely with senior leadership, legal, data privacy, operations, and technical teams. Excellent written and verbal communication skills, with the ability to present complex compliance and audit findings to both technical and non‑technical stakeholders.

Strategic approach to compliance management, with a focus on risk mitigation, continuous improvement, and alignment with business goals.

Seniority Level: Mid‑Senior level
Employment Type: Contract
Job Function: Accounting / Auditing
Industries: IT Services and IT Consulting

Posted Today
