Security, Compliance & Assurance Manager in Manchester

Manchester | Full-Time | 50000 - 60000 £ / year (est.) | No working from home possible

At a Glance

  • Tasks: Lead security and compliance initiatives while shaping the future of AI-driven platforms.
  • Company: Join a forward-thinking tech company focused on innovation and collaboration.
  • Benefits: Enjoy a 4.5-day work week, generous holiday, and health benefits.
  • Other info: Dynamic environment with opportunities for personal and professional growth.
  • Why this job: Make a real impact in a pivotal role during an exciting growth phase.
  • Qualifications: Experience with ISO 27001, PCI-DSS, and GDPR is essential.

The predicted salary is between 50000 - 60000 £ per year.

Salary: Dependent on Experience

Location: Flexible: Reigate or Manchester area

Job type: Full time

Working Pattern: 2 days per week onsite | 4.5 day working week (Half day Fridays)

About Infinity

We are building the next generation of call intelligence and AI‑driven insight platforms. Over the next three years, our focus is on evolving from a strong analytics foundation into an outcome‑driven, API‑first platform that embeds intelligence directly into customer workflows. This is an opportunity to join us at a pivotal stage. You’ll help shape both how we build and what we build, working on systems that process high‑volume, high‑value data and increasingly leverage AI and automation to deliver measurable customer and business outcomes. We value pragmatic engineering, clear thinking, and continuous learning. Our teams are small, autonomous, and outcome‑focused, with a strong emphasis on quality, ownership, and collaboration. We are entering our next growth phase – investing in AI‑powered platform scalability, operational excellence and maturity, and cost‑efficient growth to support our long‑term strategy and enterprise ambitions.

ISMS Management & Continual Improvement

  • Own the day‑to‑day operation and maintenance of Infinity’s Information Security Management System (ISMS), ensuring documentation remains current, accurate, and audit‑ready as the organisation evolves.
  • Conduct a structured review of Infinity’s compliance posture against ISO 27001:2022, building on our existing certification to ensure controls remain robust, current, and continuously improving.
  • Maintain and evolve the risk register, asset register, and control framework – ensuring they reflect the real state of the organisation and are not treated as point‑in‑time artefacts.
  • Drive the internal audit programme and coordinate external certification audits, acting as the primary point of contact for our certification body.
  • Ensure policies, procedures, and supporting documentation remain fit for purpose as the organisation evolves.

PCI‑DSS & Regulatory Compliance

  • Own operational compliance with PCI‑DSS v4.0.1 – coordinating evidence, managing the relationship with our QSA, and ensuring controls remain effective between audit cycles.
  • Maintain working knowledge of GDPR and ICO obligations as they apply to Infinity’s data practices – flagging risks, supporting Data Protection Impact Assessments, and ensuring compliance considerations are embedded in product and platform decisions.
  • Monitor the evolving regulatory landscape – including NIS2 and future SOC 2 scope – and maintain a clear view of what Infinity will need to do to meet emerging obligations.

Security Operations & Assurance

  • Partner with the Head of DevOps to drive Infinity’s move toward continuous penetration testing – coordinating the programme with our pen testing partner Aikido, managing remediation tracking, and ensuring findings are addressed and evidenced systematically.
  • Own the InfoSec request process – responding to client and prospect security questionnaires, due diligence requests, and vendor assessments with accuracy and confidence.
  • Maintain oversight of security tooling and controls – working with DevOps on vulnerability management, access controls, and security scanning.
  • Support incident response processes – maintaining the incident response plan, coordinating tabletop exercises, and ensuring the organisation is prepared to respond effectively when it matters.

Reporting & Visibility

  • Produce regular security and compliance reporting for the CTO and senior leadership – giving clear, evidence‑based visibility of Infinity’s posture, open risks, and progress against remediation plans.
  • Build and maintain the metrics and dashboards that make security posture visible and meaningful.
  • Represent Infinity’s security and compliance credentials credibly in commercial conversations.

AI Governance & Emerging Obligations

  • Partner with the Head of AI Platform & Applied Intelligence on AI governance requirements.
  • Ensure security and compliance considerations are embedded in the design of new AI features and platform capabilities from the outset.

AI‑Augmented Security & Compliance

  • Actively adopt and champion the use of AI tooling to improve the efficiency and effectiveness of security and compliance operations.
  • Stay current with how AI is reshaping the compliance and security landscape.

About You

Essential

  • Solid working knowledge of ISO 27001 – ideally including hands‑on experience maintaining an ISMS, preparing for certification audits, and managing the continual improvement cycle.
  • Practical understanding of PCI‑DSS and GDPR as they apply in a B2B SaaS context.
  • A detail‑oriented, ownership‑driven approach.
  • Strong written communication skills.
  • The organisational capability to maintain multiple workstreams simultaneously.
  • Comfortable working as an individual contributor with broad organisational reach.

Highly Desirable

  • Experience responding to enterprise InfoSec questionnaires and supporting security due diligence processes in a commercial context.
  • Familiarity with continuous penetration testing approaches and programmes.
  • Working knowledge of NIS2 and SOC 2.
  • Exposure to AI governance frameworks, including ISO/IEC 42001.
  • Experience working within a cloud‑native environment.
  • Relevant professional qualifications – CISSP, CISM, ISO 27001 Lead Auditor or Implementer, or equivalent.

Benefits You Can Enjoy

  • 4.5 day working week (Half day every Friday – 1 pm finish).
  • 25 days holiday (with the option to buy up to an additional 5 days per year).
  • Private single medical insurance.
  • Employee Assistance Programme.
  • Life Assurance (4× Salary).
  • Enhanced Maternity and Paternity Pay.
  • Tech Scheme Loan (of up to £2,000 per year).
  • Ride to Work Scheme.
  • Season Ticket Loan.
  • Dedicated annual company and team social budget.

We’re an equal opportunities employer. That means we'll never discriminate based on race, religion, origin, gender expression, sexual orientation, age, marital status, socio-economic status or disability status. In fact, our recruitment process is completely anonymised, and we don't see any of your personal details when we review your application.

Security, Compliance & Assurance Manager in Manchester employer: INFINITY TRACKING LIMITED

Infinity is an exceptional employer, offering a flexible working environment in either Reigate or Manchester, with a unique 4.5-day work week that includes half-day Fridays. Our culture prioritises continuous learning and collaboration within small, autonomous teams, while providing ample opportunities for professional growth in the rapidly evolving field of AI-driven insights. With comprehensive benefits such as private medical insurance, generous holiday allowances, and a commitment to diversity and inclusion, Infinity is dedicated to fostering a supportive and rewarding workplace for all employees.

Contact Details:

INFINITY TRACKING LIMITED Recruitment Team

StudySmarter Expert Advice🤫

We think this is how you could land Security, Compliance & Assurance Manager in Manchester

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend meetups, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Prepare for interviews by researching the company and its culture. Understand their products and how they align with your skills. This will help you tailor your responses and show that you're genuinely interested in joining the team.

Tip Number 3

Practice common interview questions and scenarios related to security and compliance. Use the STAR method (Situation, Task, Action, Result) to structure your answers and highlight your achievements effectively.

Tip Number 4

Don’t forget to follow up after your interviews! A quick thank-you email can leave a lasting impression and shows your enthusiasm for the role. Plus, it keeps you on their radar as they make their decision.

We think you need these skills to ace Security, Compliance & Assurance Manager in Manchester

ISO 27001
ISMS Management
PCI-DSS
GDPR Compliance
Risk Management
Internal Auditing
Security Operations

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience with ISO 27001, PCI-DSS, and GDPR. We want to see how your skills align with our needs, so don’t hold back on showcasing relevant projects!

Show Off Your Communication Skills: Since strong written communication is key for this role, ensure your application is clear and well-structured. Use bullet points where necessary and keep it concise – we love a good, easy-to-read application!

Demonstrate Your Detail Orientation: We’re looking for someone who takes ownership of their work. In your application, share examples of how you’ve managed multiple tasks or projects simultaneously without losing track. This will show us you’re the right fit!

Apply Through Our Website: Don’t forget to submit your application through our website! It’s the best way for us to receive your details and ensures you’re considered for the role. Plus, it’s super easy to do!

How to prepare for a job interview at INFINITY TRACKING LIMITED

Know Your Standards

Make sure you have a solid understanding of ISO 27001 and PCI-DSS. Brush up on the specifics of these standards, as you'll likely be asked how you've applied them in previous roles. Being able to discuss your hands-on experience with maintaining an ISMS will definitely set you apart.

Showcase Your Detail Orientation

This role requires a detail-oriented approach, so prepare examples that demonstrate your ability to manage multiple workstreams without losing track. Think of times when you successfully handled audits or compliance requests while ensuring accuracy and completeness.

Communicate Clearly

Strong written communication skills are essential. Be ready to share examples of reports or policies you've created. Practise explaining complex security concepts in simple terms, as you may need to communicate with various audiences, from technical teams to senior leadership.

Stay Current with AI Trends

Since the role involves AI governance, show your enthusiasm for how AI is reshaping security and compliance. Familiarise yourself with emerging AI-specific compliance expectations and be prepared to discuss how you've integrated new technologies into your previous work.