Compliance & Information Security Manager

  • Agilio Software Bidco Limited
  • 15/12/2025
Full time Information Technology Telecommunications

Job Description

Background:
Agilio Software Group is the UK's largest provider of back-office, compliance, and workforce solutions in primary care and dental. We have ambitious and exciting growth plans and are looking for talented individuals to join us on this journey.

The Compliance & Information Security Manager Role:
We are recruiting for a Compliance & Information Security Manager to maintain and enhance the company's compliance and information security posture. You will manage certifications, audits, and governance activities, ensuring ongoing compliance with ISO 27001, PCI-DSS, Cyber Essentials Plus, GDPR, and other relevant standards and regulations.

Home-based with occasional travel to company offices and suppliers.

Compliance & Information Security Manager Key Responsibilities:

Compliance & Governance

  • Maintain and improve the ISMS in line with ISO 27001.
  • Oversee Cyber Essentials Plus certification and ensure compliance with PCI-DSS and NHS DSP Toolkit standards.
  • Act as Data Protection Officer (DPO) for GDPR compliance, including managing ICO registrations and updates (approx. 30 registrations).
  • Support Subject Access Requests (SARs) and Data Protection Impact Assessments (DPIAs) for customers.
  • Coordinate responses to customer security questionnaires and due diligence requests.
  • Support incident response investigations and post-incident reviews.

Risk & Audit Management

  • Maintain risk registers and compliance documentation, tracking remedial actions and reporting key risks to senior management.
  • Plan and execute internal audits, and manage external audits, penetration tests, and vulnerability assessments.
  • Manage security ratings and ensure scores remain above agreed thresholds.

Security Operations & Tools

  • Administer and optimise security tools and platforms including Eramba, Nessus, Defect Dojo, uSecure & iComply.
  • Ensure and track continuous improvements of the security and data protection processes, policies and documentation.
  • Monitor and report on compliance performance metrics.

Training & Awareness

  • Deliver and manage security awareness programmes across the organisation.
  • Maintain and update training content using platforms such as uSecure.

Committee & Governance Meetings

  • Facilitate quarterly meetings for the Physical Security, Risk, and Information Security Steering Committees.

Additional Responsibilities

  • Report on cookie compliance across all sites and products.
  • Stay updated on regulatory changes and emerging security threats.
  • Collaborate with IT, Engineering and Product teams to embed secure-by-design practices in development and operations.

Compliance & Information Security Manager Essential Experience & Skills:

  • Hands-on experience managing or supporting ISO 27001 and Cyber Essentials Plus certifications.
  • Working knowledge of PCI-DSS, GDPR, and general data protection principles.
  • Experience coordinating audits and maintaining compliance documentation.
  • Strong organisational skills with attention to detail and ability to manage multiple projects.
  • Excellent communication and stakeholder management skills across business units.

If you feel you have what it takes to join our team, we look forward to receiving your application!