
Security Compliance and Privacy Specialist

Sporty Group | Remote (EMEA, Europe) | June 17, 2026
Remote
Full-time
Governance, Risk, and Compliance
Senior

About the role

Establish and operate a Sporty Group–wide security and privacy baseline by building and coordinating a Group ISMS and Group PIMS. Ensure consistent security and privacy governance across all group companies while enabling regional teams to meet local regulatory requirements.

**What You'll Be Doing**

  • Define and maintain the Sporty Group global security and privacy baseline, including policies, control framework, and minimum requirements applicable across all group companies.

  • Design and operate the Group ISMS and Group PIMS, coordinating regional ISMS and privacy programs without duplicating local ownership.

  • Establish a clear global baseline plus local add-ons operating model, with defined RACI, exception handling, and escalation paths.

  • Coordinate group-level governance by consolidating regional BDM/PM-owned compliance calendars into a single group view, aligning milestones, reporting cadence, and evidence standards.

  • Maintain the group-level risk register, Statement of Applicability, and control mappings, ensuring traceability between risks, controls, owners, and evidence.

  • Coordinate internal audits and findings management at group level, tracking remediation and closure across regions.

  • Define and standardize privacy operations at group level, including RoPA inputs, DPIA workflows, retention and deletion evidence standards, and breach readiness coordination with Legal and Security.

  • Build and maintain a central evidence library, mapped once to the group control set and reused across ISO, PCI-DSS, and privacy frameworks.

  • Standardize third-party security and privacy compliance artifacts, including questionnaires, minimum requirements, and evidence packages, in coordination with Legal and Procurement.

  • Track regulatory and standard changes and translate them into clear, scoped updates to the group baseline, with owners and timelines.

**What You'll Bring**

  • Proven experience operating ISO 27001 programs in practice, including risk management, SoA maintenance, and audit cycles.

  • Practical experience with privacy frameworks and regulations, including GDPR and at least one additional jurisdiction (e.g., LGPD or Nigeria).

  • Strong program coordination skills across multiple regions, teams, and time zones.

  • Ability to translate regulatory requirements into clear, actionable controls without creating unnecessary overhead.

  • Strong written communication skills, able to produce concise policies, standards, and guidance.

**Technology / Domain Expertise**

ISO 27001, ISO 27701, privacy management practices, PCI-DSS evidence coordination, risk registers, audit and evidence management, GRC tooling (nice to have).

What's in it for you

  • Sporty is a remote-first company in pursuit of sustainability
  • A competitive salary + individual performance-based bonuses every quarter
  • 28 days paid annual leave
  • Our core working hours are 10am-3pm in your local time zone with flexibility outside of this
  • Referral bonuses & flash bonuses
  • Top of the line equipment
  • Annual company retreats to provide great internal networking opportunities

Interview Process

  • Remote video screening with our Talent Acquisition Team
  • Online assessment via HackerRank
  • Remote video interview with Team Members (60 mins)
  • Final discussion with the hiring manager (60 mins)

If you're interested, we encourage you to apply! Every application is reviewed by a member of our team (AI is not used in our recruitment process), and we aim to respond within 48 hours.
