At a Glance
- Tasks: Lead security operations and manage compliance for our cloud environment.
- Company: Join myairops, a leading SaaS provider in the aviation industry with a global reach.
- Benefits: Enjoy competitive salary, pension scheme, private healthcare, and paid volunteering days.
- Why this job: Be part of a friendly team, driving impactful security initiatives in a dynamic environment.
- Qualifications: Background in cyber security or relevant degree; experience in cloud environments preferred.
- Other info: Opportunity to work with cutting-edge technology and gain valuable industry certifications.
The predicted salary is between 36000 - 60000 £ per year.
The information below covers the role requirements, expected candidate experience, and accompanying qualifications.
We are looking for a hands-on Information Security & Compliance Manager to take ownership of cyber security and data privacy across myairops. This role balances strategic oversight with practical, day-to-day security operations. You’ll be central to maintaining our SOC 2 Type II accreditation, managing third-party relationships, and ensuring our products and cloud infrastructure are secure, resilient, and compliant. In this role, you will have the unique opportunity to lead our SOC2 audit activities, perform risk management reviews, and drive our vulnerability management program in alignment with industry best practices. Your keen eye for detail and exceptional problem-solving skills will be invaluable in analysing alerts from our monitoring platform and recommending necessary configuration changes and enhancements. We are looking for a self-motivated individual with excellent communication and teamwork abilities, as you will collaborate extensively with cross-functional teams to achieve our security objectives. Your strong attention to detail, process-oriented mindset, and ability to meet deadlines with minimal supervision will be key to your success in this role.
About us: We’re a friendly team of experts, optimists, big-thinkers and problem-solvers. myairops is a leader of SaaS products to the aviation industry with customers across the globe with diverse challenges including corporate flight departments, brokers, medical providers, military and business aviation operators. Solutions are provided through innovative web delivered software and connected mobile applications.
Responsibilities:
- Lead security operations across our product and cloud environment (Azure), working closely with DevOps and engineering to ensure security best practices are followed.
- Manage external relationships with security providers, including penetration testers and SOC 2 Type II auditors.
- Own the SOC 2 audit process, coordinating internal preparation, evidence collection, and communication with auditors to ensure compliance is maintained.
- Respond to customer security questionnaires, due diligence requests, and collaborate with sales and customer success to support commercial activities.
- Oversee and maintain our public security and compliance portal.
- Conduct technical audits, regular internal reviews, and assess controls against internal policies and external standards.
- Translate audit findings and test results into clear, actionable tasks for the engineering and DevOps teams.
- Perform vendor security assessments, managing risk across our supply chain.
- Manage vulnerability and patch management, ensuring critical software libraries are kept up to date.
- Enforce security policies, particularly regarding open-source software and licensing compliance.
- Plan and lead annual Business Continuity and Disaster Recovery tests, reporting outcomes and driving improvements.
- Evaluate and configure Azure security tooling, including firewall, DDoS, and WAF services.
- Contribute to governance processes, reviewing change requests for potential impact on security, privacy, and service availability.
- Collaborate with the Group CIO and DPO, contributing to wider organisational security and data privacy initiatives.
Skills, Qualifications and Experience required:
- A solid background in cyber or information security, with experience operating at a similar level in cloud environments (ideally Azure) OR possess a degree within cyber or information security with the ability to demonstrate the attitude and aptitude to take this next career step.
- Experience working in a software environment that is cloud native.
- Experience of successfully achieving ISO27001 or preferably SOC2 Type 2.
- Strong understanding of application security, cloud infrastructure, and DevOps practices.
- Awareness of industry frameworks, such as NCSC Cyber Assessment Framework, Cyber Essentials Plus and OWASP.
- Experience managing and selecting 3rd party vendors for audit and penetration testing.
- Experience interacting with customer security and data privacy teams.
- Experience conducting or managing penetration tests and security audits.
- Can produce network and security architecture designs using software such as Microsoft Visio.
- Ability to assess risk and prioritise security tasks in a fast-paced environment.
- A pragmatic communicator who can bridge the gap between technical teams and auditors/customers.
- Excellent communication and teamwork skills to collaborate effectively with cross-functional teams.
- Detail-oriented, process-oriented and thorough.
- Must currently hold or be able to hold UK security clearance to SC level or higher.
Advantageous:
- Knowledge of security and data privacy controls within Microsoft Azure Cloud stack with hands on experience configuring and monitoring within Azure.
- Knowledge of UK Government security standards.
- Knowledge of PCI-DSS and achieving suitable standards within software.
In addition to a Competitive Salary, we will offer you: Competitive Group Pension Scheme, Comprehensive Life Assurance, Comprehensive Income Protection, Comprehensive Travel Insurance, Comprehensive Private Healthcare (after successful passing of probation), Electric Car Scheme, Free Car Parking, Discounts at popular Retailers, 2 Paid Volunteering Days each calendar year (subject to line manager approval), Investment in Training, Qualifications and Professional Development (Subject to insurance underwriting).
Due to the volume of applications received, only candidates selected for interview will be contacted. If you do not hear from us within 20 working days then your application has been unsuccessful on this occasion.
Information Security & Compliance Manager employer: Gama Aviation
Contact Detail:
Gama Aviation Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Information Security & Compliance Manager
✨Tip Number 1
Familiarise yourself with SOC 2 Type II accreditation and its requirements. Understanding the nuances of this standard will not only help you in the interview but also demonstrate your commitment to maintaining compliance.
✨Tip Number 2
Network with professionals in the information security field, especially those who have experience with Azure environments. Engaging in discussions or attending relevant meetups can provide insights and potentially lead to referrals.
✨Tip Number 3
Prepare to discuss specific examples of how you've managed third-party relationships and conducted security audits in previous roles. Real-world scenarios will showcase your hands-on experience and problem-solving skills.
✨Tip Number 4
Stay updated on the latest trends and threats in cyber security, particularly those affecting cloud environments. Being knowledgeable about current issues will allow you to engage in meaningful conversations during the interview process.
We think you need these skills to ace Information Security & Compliance Manager
Some tips for your application 🫡
Tailor Your CV: Make sure your CV highlights relevant experience in information security and compliance, particularly in cloud environments like Azure. Use specific examples that demonstrate your ability to manage security operations and achieve certifications like SOC 2 Type II.
Craft a Strong Cover Letter: In your cover letter, express your enthusiasm for the role and the company. Mention your hands-on experience with security audits and risk management, and how your skills align with the responsibilities outlined in the job description.
Highlight Relevant Skills: Clearly outline your skills related to application security, vendor management, and communication. Emphasise your ability to bridge the gap between technical teams and auditors, as this is crucial for the role.
Proofread Your Application: Before submitting, carefully proofread your application for any spelling or grammatical errors. A polished application reflects your attention to detail, which is essential for an Information Security & Compliance Manager.
How to prepare for a job interview at Gama Aviation
✨Showcase Your Cyber Security Knowledge
Make sure to brush up on your knowledge of cyber security principles, especially those relevant to cloud environments like Azure. Be prepared to discuss your experience with SOC 2 Type II accreditation and how you've successfully navigated similar audits in the past.
✨Demonstrate Problem-Solving Skills
Prepare examples of how you've tackled security challenges in previous roles. Highlight your analytical skills by discussing specific incidents where you identified vulnerabilities and implemented effective solutions.
✨Communicate Effectively
Since this role requires collaboration with cross-functional teams, practice articulating complex security concepts in a way that non-technical stakeholders can understand. This will show your ability to bridge the gap between technical teams and auditors or customers.
✨Be Detail-Oriented
Given the emphasis on attention to detail in the job description, come prepared with examples that demonstrate your thoroughness. Discuss how you've managed documentation, compliance processes, or audits to ensure nothing falls through the cracks.