Compliance & Information Security Manager

Full-Time No home office possible
Quorum Cyber

At Quorum Cyber, we’re on a mission to help good people win. Founded in Edinburgh in 2016, we’re one of the fastest-growing cyber security companies in the UK and North America, serving over 400 customers on four continents.

We protect organisations against the rising threat of cyber-attacks, enabling them to thrive in an increasingly unpredictable and inhospitable digital landscape.

As a Microsoft-only security house, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and winner of the Microsoft Security MSSP of the Year 2025 award, we offer a unified security ecosystem comprised of innovative services, all delivered through our customer platform, Clarity.

In September 2024, Quorum Cyber acquired Canada-based, Microsoft Solutions Partner for Security, Difenda. This was closely followed in December 2024 by the acquisition of US-based, Kivu Consulting, a global cyber security firm with world-leading incident response capabilities.

Role Purpose

The Compliance & Information Security Manager is responsible for establishing, maintaining, and continuously improving Quorum Cyber’s information security posture and regulatory compliance framework. This role serves as the cornerstone of our security governance, ensuring that our cybersecurity services business operates with the highest standards of security and compliance while enabling business growth and client trust. The position requires a strategic leader who can translate complex regulatory requirements into practical, business-enabling security controls while fostering a culture of security awareness throughout the organisation.

What I Do Is

Strategic Security Leadership

  • Develop and implement comprehensive information security policies, procedures, and standards aligned with industry best practices and regulatory requirements
  • Design and maintain the organisation’s security governance framework, ensuring clear accountability and oversight mechanisms
  • Lead security risk assessments and vulnerability management programs, prioritising remediation efforts based on business impact
  • Collaborate with senior leadership to integrate security considerations into business strategy and decision-making processes

Compliance Management

  • Establish and maintain compliance programs for relevant frameworks including ISO 27001, SOC 2, GDPR, PCI DSS, CE+ and industry-specific regulations
  • Coordinate internal and external audits, managing remediation activities and ensuring timely closure of findings
  • Monitor regulatory changes and assess their impact on business operations, implementing necessary adjustments to maintain compliance
  • Develop and maintain compliance documentation, evidence collection processes, and reporting mechanisms

Operational Security Excellence

  • Oversee security incident response processes, ensuring rapid detection, containment, and recovery from security events
  • Manage security awareness training programs, creating a security-conscious culture across all organizational levels
  • Coordinate with IT teams to ensure secure system configurations, patch management, and access controls

Stakeholder Engagement

  • Serve as the primary point of contact for clients, auditors, and regulatory bodies on security and compliance matters
  • Collaborate with sales and delivery teams to support client security requirements and RFP responses
  • Provide regular security and compliance reporting to executive leadership and board members
  • Build and maintain relationships with external security partners, vendors, and industry peers

The Skills I Need Are

Technical Expertise

  • Deep understanding of information security frameworks (NIST, ISO 27001, SOC2, CMMC, CIS Controls)
  • Proficiency in security technologies including SIEM, vulnerability management, endpoint protection, and network security
  • Knowledge of cloud security principles and practices across major platforms (AWS, Azure, GCP)
  • Understanding of security architecture principles and secure software development practices
  • Experience with security assessment tools and methodologies

Compliance & Regulatory Knowledge

  • Extensive experience with regulatory frameworks relevant to cybersecurity services (GDPR, SOC 2, ISO 27001, PCI DSS, CMMC)
  • Understanding of audit processes and evidence collection requirements
  • Knowledge of data protection laws and cross-border data transfer regulations
  • Familiarity with industry-specific compliance requirements (financial services, healthcare, government)

Leadership & Communication

  • Strong leadership capabilities with experience managing security and compliance teams
  • Excellent written and verbal communication skills, with ability to explain complex security concepts to non-technical stakeholders
  • Project management skills with experience leading cross-functional security initiatives
  • Ability to influence and drive change across organisational boundaries

Business Acumen

  • Understanding of cybersecurity service delivery models and business operations
  • Experience in risk-based decision making and cost-benefit analysis for security investments
  • Knowledge of vendor management and third-party risk assessment processes
  • Ability to balance security requirements with business objectives and operational efficiency

Professional Qualifications

  • Relevant security certifications (CISSP, CISM, CISA, or equivalent)
  • Compliance certifications (ISO 27001 Lead Auditor, SOC 2 practitioner)
  • Degree in Information Security, Computer Science, or related field
  • Minimum 7-10 years of experience in information security and compliance roles

I Know I Have Done A Great Job If

Compliance Excellence

  • Quorum Cyber maintains all required certifications and compliance standards with zero critical findings during audits
  • Compliance documentation is comprehensive, current, and easily accessible for audits and client requests
  • The organisation successfully passes all regulatory examinations and third-party assessments
  • Compliance processes are streamlined and integrated into business operations without creating unnecessary friction

Security Posture Improvement

  • Security incidents are minimised through proactive controls and rapid response capabilities
  • Security metrics demonstrate continuous improvement in threat detection, response times, and vulnerability remediation
  • The organisation maintains a mature security culture with high levels of security awareness across all teams
  • Security controls effectively protect client data and organisational assets while enabling business growth

Stakeholder Confidence

  • Clients consistently rate Quorum Cyber’s security and compliance posture as a competitive advantage
  • Executive leadership has clear visibility into security risks and compliance status through regular, meaningful reporting
  • Security and compliance activities directly support business development and client retention efforts
  • External auditors and regulators view the organisation as a well-controlled, low-risk entity

Operational Efficiency

  • Security and compliance processes are automated where possible, reducing manual effort and human error
  • The security team operates efficiently with clear roles, responsibilities, and performance metrics
  • Security investments are aligned with business priorities and demonstrate measurable return on investment
  • Compliance activities are planned and executed smoothly without disrupting business operations

Strategic Impact

  • Security and compliance capabilities serve as differentiators in the competitive cybersecurity services market
  • The organisation’s security posture enables expansion into new markets and service offerings
  • Security policies and procedures are recognised as industry best practices by peers and clients
  • The compliance framework supports sustainable business growth while maintaining security excellence
  • My colleagues have received helpful guidance and advice, allowing them to do their jobs more efficiently
  • I have raised my profile inside and outside of Quorum Cyber

Other Information

You will get an excellent salary, with world-class benefits.

As a leading-edge technology company, we will give you access to the latest technology and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.

Our Commitment to Equality & Diversity

“Our diversity is a huge part of our success, and collecting data during the hiring process helps us understand how to keep strengthening and supporting that diversity.”

We are an equal opportunities employer. We welcome applications from all suitably qualified individuals and are committed to ensuring fairness and eliminating discrimination in our recruitment processes. We do not discriminate on the basis of age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex, or sexual orientation.

The information requested below is collected to help us meet our obligations under UK equality legislation and to support our ongoing diversity and inclusion efforts. Providing this information is entirely voluntary. It will not be shared with hiring managers and will not form part of any hiring decision. Choosing not to provide this information will not affect your application in any way.

Contact Detail:

Quorum Cyber Recruiting Team
