- Company Name: Atcore
- Job Title: Information Security and Compliance Manager
- Job Description:
**Job Title**
Information Security and Compliance Manager
**Role Summary**
Lead the development, implementation, and enforcement of the organization’s information security strategy. Ensure compliance with UK, EU, and North American regulations (GDPR, PCI DSS, PCI 3DS, SOC 2, NIST 800‑61r3) while embedding security into product development, third‑party risk management, incident response, and continuous improvement initiatives.
**Expectations**
- Drive security strategy that aligns with business and product objectives.
- Counsel senior leadership on risk posture, emerging threats, and strategic security investments.
- Oversee governance, compliance, audits, certifications, and contractual security requirements.
- Manage third‑party and supply‑chain security risk assessments.
- Partner with engineering to integrate secure coding, code review, and development lifecycle controls.
- Lead incident response, disaster recovery planning, vulnerability management, and threat intelligence.
- Develop, enforce, and communicate security policies and awareness programs.
**Key Responsibilities**
- Develop and execute a comprehensive security strategy and roadmap.
- Establish and maintain an information security governance framework.
- Ensure compliance with UK, EU, and international standards (GDPR, PCI DSS, PCI 3DS, SOC 2, NIST 800‑61r3).
- Coordinate internal and external audits and certification processes.
- Conduct security assessments for third parties, customers, and insurance purposes.
- Collaborate with Legal to define contractual security requirements.
- Conduct risk assessment audits, determine mitigation actions, and monitor third‑party supply‑chain security.
- Integrate security into the software development lifecycle; define coding standards and oversee code reviews.
- Lead incident response, disaster recovery planning, and vulnerability management initiatives.
- Oversee penetration testing, threat intelligence, and overall security operations.
- Develop and enforce security policies; deliver organization‑wide awareness training.
**Required Skills**
- Deep knowledge of GDPR, PCI DSS, PCI 3DS, SOC 2, NIST 800‑61r3, and other global compliance frameworks.
- Experience managing information security governance, risk management, and audit/certification activities.
- Proven ability to integrate security into software development and cloud environments.
- Strong analytical, problem‑solving, and strategic thinking skills.
- Excellent stakeholder communication, presentation, and engagement abilities.
- Proficiency with GRC platforms (e.g., DRATA) and vulnerability/penetration testing tools.
**Required Education & Certifications**
- Bachelor’s degree in Computer Science, Cyber Security, or a related discipline.
- Minimum 5 years of information security experience, including leadership roles.
- Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) preferred.