This list contains only the countries for which job offers have been published in the selected language (e.g., in the French version, only job offers written in French are displayed, and in the English version, only those in English).
We are seeking a Security Compliance Consultant (CHARM) to act as a senior authority on cyber compliance and control assurance across the organisation. This role focuses on driving enterprise-wide adoption and optimisation of CHARM security controls, ensuring alignment with Vodafone Security Baseline requirements across IT, cloud, and network environments. The individual will operate at the intersection of policy, risk, and technology, enabling proactive, risk-driven compliance and supporting audit readiness through robust assurance practices and stakeholder collaboration.
Job Responsibility
Ensure compliance with Vodafone Cyber Security Baseline requirements and the CHARM control framework, providing clear interpretation of policy intent and applicability
Drive lifecycle management of security controls, including hardening, patching, and vulnerability management across IT, cloud, and network domains
Oversee and enhance control assurance practices, including assessment methodologies, effectiveness reviews, and evidence validation
Contribute to internal and external audits (e.g. Internal Audit, Group Cyber Assurance), supporting evidence preparation, remediation tracking, and clarifications
Provide governance input for systems in development or undergoing change, ensuring alignment with baseline security requirements
Develop, maintain, and present compliance dashboards, metrics, and trend analysis to support risk-based decision-making
Participate in cyber risk assessments, identifying risks, defining mitigation actions, and tracking progress
Collaborate with stakeholders across Technology, Architecture, and Service Ownership to address control gaps and prioritise remediation
Improve compliance maturity through standardisation, automation, and continuous process optimisation
Requirements
An experienced professional with 12+ years in Information Security Governance, Risk and Compliance (GRC), ideally within complex, multi-market environments
Highly knowledgeable in security governance models, control frameworks, and end-to-end compliance lifecycle management
Experienced in leading audit and assurance engagements, including regulatory and internal reviews
Skilled in stakeholder collaboration across diverse technical and business functions
Knowledgeable in IT service management principles (ITIL) and their integration with security controls
Technically informed across infrastructure, operating systems, middleware, and cloud environments from a governance perspective
Able to translate high-level security requirements into actionable compliance outcomes
Detail-oriented, organised, and capable of managing multiple priorities simultaneously
A confident communicator, able to engage effectively with senior stakeholders
Fluent in spoken and written English
Certified in CISM or an equivalent GRC-focused qualification
Experienced in ISO/IEC 27002 (or similar standards) implementation and adaptation
Proficient in Microsoft Office tools, including advanced Excel, and experienced in Power Platform or similar tools for dashboards and automation
What we offer
Opportunity to influence enterprise-wide cyber security strategy and compliance maturity
Exposure to global audit, assurance, and regulatory environments
Collaboration with senior stakeholders across technology and security domains
Involvement in large-scale transformation, automation, and standardisation initiatives
A role that blends strategic thinking with practical execution in cyber risk and compliance