Security, Compliance & Assurance Manager | Hybrid | up to £85,000 + Benefits
La Fosse are supporting a growing B2B technology business in the search for a Security, Compliance & Assurance Manager to take ownership of security governance, audit readiness, compliance operations, and assurance activity.
This is a newly defined individual contributor role created to bring clear accountability to an area that has previously been shared across the business. The company works within regulated frameworks and now needs a dedicated specialist to strengthen controls, coordinate testing and reporting, and ensure security and compliance activity is properly managed. It is a collaborative role suited to someone who is proactive, process-driven, and comfortable operating in a changing environment.
Responsibilities
* Own the day-to-day operation and continuous improvement of the organisation’s ISMS, ensuring documentation, controls, and supporting evidence remain current and audit-ready
* Manage compliance activity across key frameworks, including ISO 27001 and PCI-DSS, while supporting readiness for evolving requirements such as SOC 2 and NIS2
* Coordinate penetration testing activity end to end, ensuring testing takes place as planned, findings are tracked, and remediation is properly evidenced
* Partner closely with DevOps and other technical stakeholders to understand testing strategy, control effectiveness, and separation of duties across the environment
* Produce clear, accurate security and compliance reporting for senior stakeholders, with visibility of risks, remediation activity, and overall posture
* Own and improve the response process for client and prospect InfoSec questionnaires, due diligence requests, and related assurance activity
* Maintain and improve policies, procedures, and control documentation so they are practical, credible, and aligned to regulatory expectations
* Support wider security operations and assurance processes, including audit coordination, risk tracking, incident readiness, and internal reviews
* Build strong working relationships across the business to ensure compliance obligations are understood and delivered in a joined-up way
* Help embed security and compliance thinking into a growing product and engineering function, including newer AI-led and agentic delivery models
Requirements
* Experience in a security, compliance, assurance, or information security governance role within a B2B SaaS, technology, or similarly regulated business
* Strong practical knowledge of ISO 27001 and experience maintaining an ISMS in a live operational environment
* Good working understanding of PCI-DSS and the ability to translate regulatory requirements into practical controls, evidence, and reporting
* Experience coordinating assurance activity across technical teams, including vulnerability management, penetration testing, or security review processes
* Comfortable working closely with DevOps, engineering, legal, and commercial stakeholders in a highly collaborative but non-managerial role
* Strong written skills, with the ability to produce high-quality policies, procedures, reports, and customer-facing security responses
* Highly process-driven, organised, and detail-focused, with a proactive mindset and high standards around accuracy and follow-through
* Able to operate effectively in a business going through change, where priorities are evolving and structure is still maturing
* A collaborative, low-ego style with the confidence to ask questions, challenge gaps, and drive activity forward
Desirable
* Experience supporting client security reviews, RFP security responses, or enterprise due diligence processes
* Exposure to SOC 2, NIS2, GDPR, or broader data protection and regulatory obligations
* Familiarity with cloud-based or SaaS delivery environments
* Relevant certifications such as CISSP, CISM, ISO 27001 Lead Auditor, or similar
For more information, please apply.