Job Description

This position sits within a well-established Security Risk & Governance team, responsible for managing the organisation's information security compliance framework. The role focuses on maintaining and improving external certifications, supporting audits, and driving awareness across the business.
Reporting to the Head of GRC. It's a hybrid role requiring working in Manchester office for 3 days weekly

• Maintain and enhance compliance with multiple security standards (e.g. ISO27001, PCI, Cyber Essentials).
• Manage the organisation's Information Security Management System (ISMS).
• Lead responses to customer security questionnaires and support proposal/audit requests.
• Deliver internal security awareness and training programmes.
• Analyse emerging compliance requirements and advise on alignment strategies.
• Support resilience planning and external audit coordination.
• Contribute to NIST maturity assessments and regulatory readiness.

Opportunity to lead infosec compliance across a dynamic technology organisation.Competitive salary and benefits

• Proven experience in security compliance and stakeholder management.
• Strong knowledge of ISO27001, PCI DSS, and other relevant standards.
• Holds certifications such as ISO27001 LA/LI, PCI Implementer, and CISA
• Additional qualifications like CISSP, CISM, CRISC, or ISO22301 are desirable.
• Background in telecoms or regulated sectors is advantageous.
• Comfortable working across multiple projects and adapting to evolving business needs.

The employer is a leading technology and telecoms service provider. They are committed to delivering innovative solutions while maintaining high-security standards to support their operations. The company offers a broad portfolio of services including network, cloud, voice, and security solutions.

• Discretionary bonus
• Private Medical Insurance
• Max. 6% pension contributed from employer
• 25 days AL plus birthday leave
• Hybrid working - 3 days in Manchester office

Skills Required