Quorum Cyber

Compliance & Information Security Manager

Company: Quorum Cyber
Location: Edinburgh, Scotland, United Kingdom
Posted At: 3/4/2026

UK Visa Sponsorship Analytics

Occupation Type: Cyber security professionals
Occupation Code Skill Level: Higher Skilled
Sponsorship Salary Threshold: £48,500 (£24.87 per hour)
Occupation rate applies

Above analytics are generated algorithmically based on job titles and may not always be the same as the company's job classification. You can also check detailed occupation eligibility, and salary criteria on our UK Visa Eligible Occupations & Salary Thresholds page.

Description
Company Description:

At Quorum Cyber, we're on a mission to help good people win. Founded in Edinburgh in 2016, we're one of the fastest growing cyber security companies in the UK and North America, serving over 400 customers on four continents.

We protect organisations against the rising threat of cyber-attacks, enabling them to thrive in an increasingly unpredictable and inhospitable digital landscape.

As a Microsoft-only security house, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and winner of the Microsoft Security MSSP of the Year 2025 award, we offer a unified security ecosystem comprised of innovative services, all delivered through our customer platform, Clarity.

In September 2024, Quorum Cyber acquired Canada-based, Microsoft Solutions Partner for Security, Difenda. This was closely followed in December 2024 by the acquisition of US-based, Kivu Consulting, a global cyber security firm with world-leading incident response capabilities.

Job Purpose:

The Compliance & Information Security Manager is responsible for establishing, maintaining, and continuously improving Quorum Cyber's information security posture and regulatory compliance framework. This role serves as the cornerstone of our security governance, ensuring that our cybersecurity services business operates with the highest standards of security and compliance while enabling business growth and client trust. The position requires a strategic leader who can translate complex regulatory requirements into practical, business-enabling security controls while fostering a culture of security awareness throughout the organisation.

What I Do Is:

Strategic Security Leadership

  • Develop and implement comprehensive information security policies, procedures, and standards aligned with industry best practices and regulatory requirements
  • Design and maintain the organisation's security governance framework, ensuring clear accountability and oversight mechanisms
  • Lead security risk assessments and vulnerability management programs, prioritising remediation efforts based on business impact
  • Collaborate with senior leadership to integrate security considerations into business strategy and decision-making processes

Compliance Management

  • Establish and maintain compliance programs for relevant frameworks including ISO 27001, SOC 2, GDPR, PCI DSS, CE+ and industry-specific regulations
  • Coordinate internal and external audits, managing remediation activities and ensuring timely closure of findings
  • Monitor regulatory changes and assess their impact on business operations, implementing necessary adjustments to maintain compliance
  • Develop and maintain compliance documentation, evidence collection processes, and reporting mechanisms

Operational Security Excellence

  • Oversee security incident response processes, ensuring rapid detection, containment, and recovery from security events
  • Manage security awareness training programs, creating a security-conscious culture across all organizational levels
  • Coordinate with IT teams to ensure secure system configurations, patch management, and access controls

Stakeholder Engagement

  • Serve as the primary point of contact for clients, auditors, and regulatory bodies on security and compliance matters
  • Collaborate with sales and delivery teams to support client security requirements and RFP responses
  • Provide regular security and compliance reporting to executive leadership and board members
  • Build and maintain relationships with external security partners, vendors, and industry peers

The Skills I Need Are:

Technical Expertise

  • Deep understanding of information security frameworks (NIST, ISO 27001, SOC2, CMMC, CIS Controls)
  • Proficiency in security technologies including SIEM, vulnerability management, endpoint protection, and network security
  • Knowledge of cloud security principles and practices across major platforms (AWS, Azure, GCP)
  • Understanding of security architecture principles and secure software development practices
  • Experience with security assessment tools and methodologies

Compliance & Regulatory Knowledge

  • Extensive experience with regulatory frameworks relevant to cybersecurity services (GDPR, SOC 2, ISO 27001, PCI DSS, CMMC)
  • Understanding of audit processes and evidence collection requirements
  • Knowledge of data protection laws and cross-border data transfer regulations
  • Familiarity with industry-specific compliance requirements (financial services, healthcare, government)

Leadership & Communication

  • Strong leadership capabilities with experience managing security and compliance teams
  • Excellent written and verbal communication skills, with ability to explain complex security concepts to non-technical stakeholders
  • Project management skills with experience leading cross-functional security initiatives
  • Ability to influence and drive change across organisational boundaries

Business Acumen

  • Understanding of cybersecurity service delivery models and business operations
  • Experience in risk-based decision making and cost-benefit analysis for security investments
  • Knowledge of vendor management and third-party risk assessment processes
  • Ability to balance security requirements with business objectives and operational efficiency

Professional Qualifications

  • Relevant security certifications (CISSP, CISM, CISA, or equivalent)
  • Compliance certifications (ISO 27001 Lead Auditor, SOC 2 practitioner)
  • Degree in Information Security, Computer Science, or related field
  • Minimum 7-10 years of experience in information security and compliance roles

I Know I Have Done A Great Job If:

Compliance Excellence

  • Quorum Cyber maintains all required certifications and compliance standards with zero critical findings during audits
  • Compliance documentation is comprehensive, current, and easily accessible for audits and client requests
  • The organisation successfully passes all regulatory examinations and third-party assessments
  • Compliance processes are streamlined and integrated into business operations without creating unnecessary friction

Security Posture Improvement

  • Security incidents are minimised through proactive controls and rapid response capabilities
  • Security metrics demonstrate continuous improvement in threat detection, response times, and vulnerability remediation
  • The organisation maintains a mature security culture with high levels of security awareness across all teams
  • Security controls effectively protect client data and organisational assets while enabling business growth

Stakeholder Confidence

  • Clients consistently rate Quorum Cyber's security and compliance posture as a competitive advantage
  • Executive leadership has clear visibility into security risks and compliance status through regular, meaningful reporting
  • Security and compliance activities directly support business development and client retention efforts
  • External auditors and regulators view the organisation as a well-controlled, low-risk entity

Operational Efficiency

  • Security and compliance processes are automated where possible, reducing manual effort and human error
  • The security team operates efficiently with clear roles, responsibilities, and performance metrics
  • Security investments are aligned with business priorities and demonstrate measurable return on investment
  • Compliance activities are planned and executed smoothly without disrupting business operations

Strategic Impact

  • Security and compliance capabilities serve as differentiators in the competitive cybersecurity services market
  • The organisation's security posture enables expansion into new markets and service offerings
  • Security policies and procedures are recognised as industry best practices by peers and clients
  • The compliance framework supports sustainable business growth while maintaining security excellence
  • My colleagues have received helpful guidance and advice, allowing them to do their jobs more efficiently
  • I have raised my profile inside and outside of Quorum Cyber

Other Information:

You will get an excellent salary, with world class benefits.

As a leading-edge technology company, you will have access to the latest technology, and an environment that will encourage and nurture your curiosity. We are passionate about your development, and you will be empowered to advance your skills and expertise.

Our commitment to Equality and Diversity:

"Our diversity is a huge part of our success, and collecting data during the hiring process helps us understand how to keep strengthening and supporting that diversity."

We are an equal opportunities employer. We welcome applications from all suitably qualified individuals and are committed to ensuring fairness and eliminating discrimination in our recruitment processes. We do not discriminate on the basis of age, disability, gender reassignment, marriage or civil partnership, pregnancy or maternity, race, religion or belief, sex, or sexual orientation.

The information requested below is collected to help us meet our obligations under UK equality legislation and to support our ongoing diversity and inclusion efforts. Providing this information is entirely voluntary. It will not be shared with hiring managers and will not form part of any hiring decision. Choosing not to provide this information will not affect your application in any way.