Compliance & Information Security Manager
Background:
Agilio Software Group is the UK’s largest provider of back-office, compliance, and workforce solutions in primary care and dental. We have ambitious and exciting growth plans and are looking for talented individuals to join us on this journey.
The Compliance & Information Security Manager Role:
We are recruiting for a Compliance & Information Security Manager to maintain and enhance the company’s compliance and information security posture. You will manage certifications, audits, and governance activities, ensuring ongoing compliance with ISO 27001, PCI-DSS, Cyber Essentials Plus, GDPR, and other relevant standards and regulations.
Home-based with occasional travel to company offices and suppliers.
Compliance & Information Security Manager Key Responsibilities:
Information Security Management
- Maintain and improve the company’s Information Security Management System (ISMS) in line with ISO 27001.
- Oversee annual Cyber Essentials Plus certification and ensure ongoing compliance.
- Run internal security audits and support external audits, assessments, and penetration tests.
- Manage security awareness training and internal communication of security policies.
- Maintain risk registers, track remedial actions, and report key risks to senior management.
Compliance & Governance
- Act as the company’s Data Protection Officer (DPO), managing data protection compliance and incident reporting under UK GDPR.
- Ensure compliance with PCI-DSS and the NHS DSP Toolkit, coordinating with relevant teams and suppliers.
- Maintain documentation, policies, and procedures for compliance frameworks.
- Coordinate responses to customer security questionnaires and due-diligence requests.
- Monitor and report on compliance performance metrics.
Collaboration & Continuous Improvement
- Work with IT, Engineering, and Product teams to embed secure-by-design practices.
- Support incident response investigations and post-incident reviews.
- Recommend and track improvements to information security and data protection practices.
- Stay informed on relevant regulatory updates and industry trends.
Compliance & Information Security Manager Essential Experience & Skills:
- Hands-on experience managing or supporting ISO 27001 and Cyber Essentials Plus certifications.
- Working knowledge of PCI-DSS, GDPR, and general data protection principles.
- Experience coordinating audits and maintaining compliance documentation.
- Strong organisational skills with attention to detail and ability to manage multiple projects.
- Excellent communication and stakeholder management skills across business units.
If you feel you have what it takes to join our team, we look forward to receiving your application!