Security, Compliance & Assurance Manager
Listed on 2026-05-16
IT/Tech
Cybersecurity
Salary: Dependent on Experience
Location: Flexible: Reigate or Manchester area
Job type: Full time
Working Pattern: 2 days per week onsite | 4.5 day working week (Half day Fridays)
About Infinity
We are building the next generation of call intelligence and AI-driven insight platforms. Over the next three years, our focus is on evolving from a strong analytics foundation into an outcome-driven, API-first platform that embeds intelligence directly into customer workflows.
This is an opportunity to join us at a pivotal stage. You’ll help shape both how we build and what we build, working on systems that process high-volume, high-value data and increasingly leverage AI and automation to deliver measurable customer and business outcomes.
We value pragmatic engineering, clear thinking, and continuous learning. Our teams are small, autonomous, and outcome-focused, with a strong emphasis on quality, ownership, and collaboration.
We are entering our next growth phase - investing in AI-powered platform scalability, operational excellence and maturity, and cost-efficient growth to support our long‑term strategy and enterprise ambitions.
The Role
ISMS Management & Continual Improvement
- Own the day-to-day operation and maintenance of Infinity’s Information Security Management System (ISMS), ensuring documentation remains current, accurate, and audit-ready as the organisation evolves
- Conduct a structured review of Infinity’s compliance posture against ISO 27001:2022, building on our existing certification to ensure controls remain robust, current, and continuously improving – this is the immediate foundation the role builds from
- Maintain and evolve the risk register, asset register, and control framework – ensuring they reflect the real state of the organisation and are not treated as point-in-time artefacts
- Drive the internal audit programme and coordinate external certification audits, acting as the primary point of contact for our certification body
- Ensure policies, procedures, and supporting documentation remain fit for purpose as the organisation evolves – particularly as AI platform capability and agentic delivery practices mature
- Own operational compliance with PCI‑DSS v4.0.1 – coordinating evidence, managing the relationship with our QSA, and ensuring controls remain effective between audit cycles
- Maintain working knowledge of GDPR and ICO obligations as they apply to Infinity’s data practices – flagging risks, supporting Data Protection Impact Assessments, and ensuring compliance considerations are embedded in product and platform decisions
- Monitor the evolving regulatory landscape – including NIS2 and future SOC 2 scope – and maintain a clear view of what Infinity will need to do to meet emerging obligations, surfacing priorities to the CTO in good time
- Partner with the Head of Dev Ops to drive Infinity’s move toward continuous penetration testing – coordinating the programme with our pen testing partner Aikido, managing remediation tracking, and ensuring findings are addressed and evidenced systematically
- Own the Info Sec request process – responding to client and prospect security questionnaires, due diligence requests, and vendor assessments with accuracy and confidence, and building a reusable library that reduces the overhead over time
- Maintain oversight of security tooling and controls – working with Dev Ops on vulnerability management, access controls, and security scanning – ensuring the technical controls that underpin certification are operating as intended
- Support incident response processes – maintaining the incident response plan, coordinating tabletop exercises, and ensuring the organisation is prepared to respond effectively when it matters
- Produce regular security and compliance reporting for the CTO and senior leadership – giving clear, evidence-based visibility of Infinity’s posture, open risks, and progress against remediation plans
- Build and maintain the metrics and dashboards that make security posture visible and meaningful – not just for internal governance but for external audiences including clients,…