Senior Compliance and Controls Analyst

UK-BKM-Marlow | UK-Twickenham
Job ID
Information Technology - All Openings
Pos. Type
Full Time

Company Overview

At Nuance, we empower people with the ability to seamlessly interact with their connected devices and the digital world around them.  We are creating a world where technology thinks and acts the way people do by designing the most human, natural, and intuitive ways of interacting with technology.

Our nimble technology uses analytics and advanced algorithms to transform the inanimate into animate and reduce complicated processes into simple ones.

Join our Enterprise team… great customer service starts here. We design virtual assistants for intelligent and effortless customer service, helping customers find the information they need using whatever channel they prefer. We also provide multi-modal biometric security solutions, including voice biometrics authentication, which provides a more human-like experience for consumers who are transacting on the go, whilst fighting the increase in fraud in online channels, phone, mobile, SMS and more.

Job Summary

The Senior Compliance and Controls Analyst is responsible for supporting the development, enforcement, maintenance and compliance of security and privacy programs for Nuance Enterprise.  This includes ownership of relevant Enterprise compliance programs, policy and procedure development/management/compliance, pre-sales support, legal collaboration and audit management.

You’ll have the chance to cross a variety of customer verticals with Nuance’s fascinating, cutting-edge technologies. There will be a high level of responsibility requiring an entrepreneurial mindset. The ability to use your own judgement based on past experiences and the analysis of information is essential.


  • Lead efforts in industry standards and regulatory compliance such as ISO 27001/27002, Cloud Security Alliance, PCI DSS, Data Protection (Privacy), and others in both public and private sectors
  • Participate in the broader Information Security governance process with Nuance Corporate and Divisional Security leaders if needed, including risk management & mitigation, corporate compliance and policy management & compliance
  • Lead internal and external audits, facilitate customer-driven and 3rd party security audits/assessments
  • A thorough understanding of the Data Protection Act 1998, the EU GDPR and its implications for business and other organisations. Able to provide appropriate advice and interpretation of current and emerging data privacy legislation
  • Provide pre-sales support for all Enterprise products and services
  • Review risks, threats, vulnerabilities and the development of remediation plans in partnership with Legal, IT, Operations and other relevant groups
  • Communicate the company’s security stance, including compliance issues, risks, and incidents, to upper management and customers
  • Support compliance with all relevant data protection regulations

Ideal experience: Information Systems audit or related Information Security experience


Required Skills: 

  • Knowledge and experience specific to managing and reporting internal controls
  • Must be knowledgeable about ISO/IEC standards and PCI requirements, prior work experience in a PCI-compliant environment strongly preferred
  • Prior policy development and enforcement experience in a regulated environment
  • Prior experience with business continuity planning, auditing and risk management, as well as contract and vendor negotiations
  • Knowledge of complex application, network, virtual environment security, and systems operations.
  • Ability to translate business requirements and risks into policy and technology implementation
  • Knowledge of industry-accepted risk assessment and remediation procedures
  • Strong interpersonal skills with the ability to deal effectively with people at all organisational levels and external vendors
  • Ability to manage through ambiguity and be confident and effective in high-pace/high-demand environments
  • Excellent oral and written communication skills with the ability to prepare and deliver concise, understandable reports and presentations
  • Proven ability to establish and maintain a high degree of confidentiality, respect, trust and credibility at all levels


Preferred Skills:

  • CIPP, CIPT or ISEB in Data Protection to Practitioner level
  • PCI Internal Security Assessor (PCI-ISA)
  • Networking and infrastructure knowledge
  • Experience with software development/QA life cycle (SDLC), Cloud/SaaS experience


Education: 4 Year / Bachelor's Degree; Computer Science, Management Information Systems, Information Technology or a related discipline.

