Cyber Security Compliance Manager in Leeds

Location: We operate a hybrid schedule, meaning 2-3 days a week in the office based at Thorpe Park, Leeds.

Salary: £ DOE plus extensive benefits

Contract type: Permanent

Employment type: Full time

Working hours: We work on a core hours principle. Our core hours are 09:30 - 16:00; you can work around these to suit you!

Do you want to work for the nation’s largest online pharmacy ensuring excellence for all our patients? We’re a market leader in the pharmacy world, with 25 years’ experience, helping over 1.8 million patients in England manage their NHS prescriptions from request through to delivery. We are Great Place to Work certified as we consider colleague experience a top priority every day, and as a certified B Corp we also meet high standards of social and environmental responsibility. Our people are fundamental to our success and ensuring we achieve our vision to be a world leading, patient-centric digital healthcare provider. We are committed to continuing to develop a positive, open and honest working environment for all.

Our tech teams keep us running 24/7 to make sure all our patients get world class service. To support that, this role may include participation in an out-of-hours rota as required by the business. We operate fair scheduling process as well as additional compensation for all on call periods.

The Cyber Security Compliance Manager plays a pivotal role in shaping and demonstrating the organisation’s cyber security maturity. The role brings cyber governance to life, owning risk, compliance, and assurance while providing clear, executive‑level insight into the organisation’s security posture. From developing meaningful KPIs and dashboards to supporting cyber due‑diligence across mergers and acquisitions, this role sits at the centre of growth, trust, and accountability. It offers the opportunity to influence decision‑making, strengthen security foundations, and help scale a secure, resilient organisation, without being focused on day‑to‑day technical delivery.

Why you’ll love working with us

• Financial security & rewards
• Competitive contributory pension
• Occupational sick pay
• Long-service awards and refer-a-friend bonuses
• Professional registration fees covered (GPhC, NMC, CIPD and more)
• Cycle to Work and Green Car schemes (subject to eligibility)
• Family-friendly
• Enhanced maternity and paternity pay
• Flexible hybrid working to help balance work and home life
• Health & wellbeing
• Private healthcare insurance at discounted rates (Aviva)
• Employee Assistance Programme and in-house mental health support
• Access to discounted gym memberships via Blue Light Card and benefits schemes
• Regular health and wellbeing initiatives
• Career growth
• Strong commitment to CPD, training and professional development
• Time off & flexibility
• 25 days’ annual leave, increasing with service
• Buy and sell holiday scheme
• Everyday perks & exclusive discounts
• Blue Light Card and employee discount platform
• Exclusive discounts at The Springs, Leeds
• 25% off health & beauty purchases
• 25% off Pharmacy2U Private Online Doctor services
• Culture & community
• Regular social events throughout the year

What you’ll be doing?

• Lead the organisation’s cyber security governance, risk, and compliance (GRC) strategy
• Maintain continuous alignment with the cyber security baseline across all business units
• Ensure ongoing audit readiness through proactive control monitoring and evidence management
• Strengthen the cyber control environment by identifying gaps and driving remediation activities
• Oversee compliance with regulatory, contractual, and internal cyber security requirements
• Manage and maintain the enterprise cyber risk register, ensuring risks are accurately assessed and tracked
• Monitor, analyse, and report cyber security KPIs to senior stakeholders
• Conduct cyber security assessments across partners, vendors, and subsidiaries
• Support cyber due‑diligence activity related to mergers and acquisitions
• Identify and assess cyber risks associated with new business opportunities
• Provide structured risk management guidance to both technical and non‑technical teams
• Translate complex compliance requirements into clear, actionable guidance
• Coordinate cross‑functional stakeholders to ensure consistent implementation of security controls
• Drive continuous improvement in cyber compliance processes and reporting
• Prepare and present compliance insights, dashboards, and risk updates to leadership

Who are we looking for?

• Experience leading governance, risk, and compliance (GRC) programmes across complex organisations
• Experience managing cyber security audits (internal, external, and regulatory) and maintaining continuous audit readiness
• Experience developing, implementing, and monitoring cyber security controls aligned to frameworks such as CIS18, ISO 27001, NIST CSF, SOC 2, or similar
• Experience maintaining and operating enterprise cyber risk registers, including risk identification, assessment, scoring, and reporting
• Experience conducting cyber security assessments of third parties, vendors, partners, and subsidiaries
• Experience supporting cyber due‑diligence activities during mergers, acquisitions, or divestments
• Experience monitoring and reporting cyber KPIs and compliance metrics to senior leadership and cross‑functional stakeholders
• Ability to interpret regulatory, contractual, and policy requirements and translate them into actionable compliance obligations
• Ability to communicate complex cyber compliance concepts to both technical and non‑technical audiences
• Strong analytical skills and experience applying structured risk‑management methodologies to evaluate control effectiveness and identify gaps
• Experience using Power BI to generate reports and dashboards would be an advantage

What happens next?

Please click apply and if we think you are a good match, we will be in touch to arrange an interview. Applicants must prove they have the right to live in the UK. All successful applicants will be required to undergo a DBS check. Unsolicited agency applications will be treated as a gift.