Security Compliance and Privacy Specialist

Sporty Group
EMEA · On-site · Competitive · Posted 3 days ago
🇬🇧 English required · It & is

About the role

Establish and operate a Sporty Group-wide security and privacy baseline by building and coordinating a Group ISMS and Group PIMS. Ensure consistent security and privacy governance across all group companies while enabling regional teams to meet local regulatory requirements.


What You'll Be Doing

  • Define and maintain the Sporty Group global security and privacy baseline, including policies, control framework, and minimum requirements applicable across all group companies.
  • Design and operate the Group ISMS and Group PIMS, coordinating regional ISMS and privacy programs without duplicating local ownership.
  • Establish a clear global baseline plus local add-ons operating model, with defined RACI, exception handling, and escalation paths.
  • Coordinate group-level governance by consolidating regional BDM/PM-owned compliance calendars into a single group view, aligning milestones, reporting cadence, and evidence standards.
  • Maintain the group-level risk register, Statement of Applicability, and control mappings, ensuring traceability between risks, controls, owners, and evidence.
  • Coordinate internal audits and findings management at group level, tracking remediation and closure across regions.
  • Define and standardize privacy operations at group level, including RoPA inputs, DPIA workflows, retention and deletion evidence standards, and breach readiness coordination with Legal and Security.
  • Build and maintain a central evidence library, mapped once to the group control set and reused across ISO, PCI-DSS, and privacy frameworks.
  • Standardize third-party security and privacy compliance artifacts, including questionnaires, minimum requirements, and evidence packages, in coordination with Legal and Procurement.
  • Track regulatory and standard changes and translate them into clear, scoped updates to the group baseline, with owners and timelines.

What You'll Bring

  • Proven experience operating ISO 27001 programs in practice, including risk management, SoA maintenance, and audit cycles.
  • Practical experience with privacy frameworks and regulations, including GDPR and at least one additional jurisdiction (e.g., LGPD or Nigeria).
  • Strong program coordination skills across multiple regions, teams, and time zones.
  • Ability to translate regulatory requirements into clear, actionable controls without creating unnecessary overhead.
  • Strong written communication skills, able to produce concise policies, standards, and guidance.

Technology / Domain Expertise

ISO 27001, ISO 27701, privacy management practices, PCI-DSS evidence coordination, risk registers, audit and evidence management, GRC tooling (nice to have).

What's in it for you

  • Sporty is a remote-first company in pursuit of sustainability
  • A competitive salary + individual performance-based bonuses every quarter
  • 28 days paid annual leave
  • Our core working hours are 10am-3pm in your local time zone with flexibility outside of this
  • Referral bonuses & flash bonuses
  • Top of the line equipment
  • Annual company retreats to provide great internal networking opportunities

Interview Process

  • Remote video screening with our Talent Acquisition Team
  • Online assessment via HackerRank
  • Remote video interview with Team Members (60 mins)
  • Final discussion with the hiring manager (60 mins)

If you're interested, we encourage you to apply! Every application is reviewed by a member of our team (AI is not used in our recruitment process), and we aim to respond within 48 hours.

Application managed by Sporty Group