
Compliance & Information Security Manager

Job in City of Edinburgh, Edinburgh, City of Edinburgh Area, EH1, Scotland, UK
Listing for: Cyber UK
Full Time position
Listed on 2026-03-20
Job specializations:
  • IT/Tech
    Cybersecurity, Information Security
Salary/Wage Range or Industry Benchmark: 80000 - 100000 GBP Yearly
Job Description & How to Apply Below
Location: City of Edinburgh

Company Description

At Quorum Cyber, we’re on a mission to help good people win. Founded in Edinburgh in 2016, we’re one of the fastest growing cyber security companies in the UK and North America, serving over 400 customers on four continents. We protect organisations against the rising threat of cyber-attacks, enabling them to thrive in an increasingly unpredictable and inhospitable digital landscape. As a Microsoft‑only security house, a Microsoft Solutions Partner for Security, a member of the Microsoft Intelligent Security Association (MISA), and winner of the Microsoft Security MSSP of the Year 2025 award, we offer a unified security ecosystem comprised of innovative services, all delivered through our customer platform, Clarity.

In September 2024, Quorum Cyber acquired Canada‑based, Microsoft Solutions Partner for Security, Difenda. This was closely followed in December 2024 by the acquisition of US‑based, Kivu Consulting, a global cyber security firm with world‑leading incident response capabilities.

Job Purpose

The Compliance & Information Security Manager is responsible for establishing, maintaining, and continuously improving Quorum Cyber’s information security posture and regulatory compliance framework. This role serves as the cornerstone of our security governance, ensuring that our cybersecurity services business operates with the highest standards of security and compliance while enabling business growth and client trust. The position requires a strategic leader who can translate complex regulatory requirements into practical, business‑enabling security controls while fostering a culture of security awareness throughout the organisation.

What I Do Is

Strategic Security Leadership
  • Develop and implement comprehensive information security policies, procedures, and standards aligned with industry best practices and regulatory requirements
  • Design and maintain the organisation’s security governance framework, ensuring clear accountability and oversight mechanisms
  • Lead security risk assessments and vulnerability management programs, prioritising remediation efforts based on business impact
  • Collaborate with senior leadership to integrate security considerations into business strategy and decision‑making processes
Compliance Management
  • Establish and maintain compliance programs for relevant frameworks including ISO 27001, SOC 2, GDPR, PCI DSS, CE+ and industry‑specific regulations
  • Coordinate internal and external audits, managing remediation activities and ensuring timely closure of findings
  • Monitor regulatory changes and assess their impact on business operations, implementing necessary adjustments to maintain compliance
  • Develop and maintain compliance documentation, evidence collection processes, and reporting mechanisms
Operational Security Excellence
  • Oversee security incident response processes, ensuring rapid detection, containment, and recovery from security events
  • Manage security awareness training programs, creating a security‑conscious culture across all organizational levels
  • Coordinate with IT teams to ensure secure system configurations, patch management, and access controls
Stakeholder Engagement
  • Serve as the primary point of contact for clients, auditors, and regulatory bodies on security and compliance matters
  • Collaborate with sales and delivery teams to support client security requirements and RFP responses
  • Provide regular security and compliance reporting to executive leadership and board members
  • Build and maintain relationships with external security partners, vendors, and industry peers
The Skills I Need Are

Technical Expertise
  • Deep understanding of information security frameworks (NIST, ISO 27001, SOC2, CMMC, CIS Controls)
  • Proficiency in security technologies including SIEM, vulnerability management, endpoint protection, and network security
  • Knowledge of cloud security principles and practices across major platforms (AWS, Azure, GCP)
  • Understanding of security architecture principles and secure software development practices
  • Experience with security assessment tools and methodologies
Compliance & Regulatory Knowledge
  • Extensive experience with regulatory frameworks relevant to cybersecurity…