Compliance & Information Security Manager

Background:
Agilio Software Group is the UK’s largest provider of back‑office, compliance, and workforce solutions in primary care and dental. We have ambitious and exciting growth plans and are looking for talented individuals to join us on this journey.

The Compliance & Information Security Manager Role:
We are recruiting for a Compliance & Information Security Manager to maintain and enhance the company’s compliance and information security posture. You will manage certifications, audits, and governance activities, ensuring ongoing compliance with ISO 27001, PCI‑DSS, Cyber Essentials Plus, GDPR, and other relevant standards and regulations.

Home‑based with occasional travel to company offices and suppliers.

• Maintain and improve the company’s Information Security Management System (ISMS) in line with ISO 27001.
• Oversee annual Cyber Essentials Plus certification and ensure ongoing compliance.
• Run internal and support external security audits, assessments, and penetration tests.
• Manage security awareness training and internal communication of security policies.
• Maintain risk registers, track remedial actions, and report key risks to senior management.

• Act as the company’s Data Protection Officer (DPO), managing data protection compliance and incident reporting under UK GDPR.
• Ensure compliance with PCI‑DSS and the NHS DSP Toolkit, coordinating with relevant teams and suppliers.
• Maintain documentation, policies, and procedures for compliance frameworks.
• Coordinate responses to customer security questionnaires and due‑diligence requests.
• Monitor and report on compliance performance metrics.

• Work with IT, Engineering, and Product teams to embed secure‑by‑design practices.
• Support incident response investigations and post‑incident reviews.
• Recommend and track improvements to information security and data protection practices.
• Stay informed on relevant regulatory updates and industry trends.

• Hands‑on experience managing or supporting ISO 27001 and Cyber Essentials Plus certifications.
• Working knowledge of PCI‑DSS, GDPR, and general data protection principles.
• Experience coordinating audits and maintaining compliance documentation.
• Strong organisational skills with attention to detail and ability to manage multiple projects.
• Excellent communication and stakeholder management skills across business units.

If you feel you have what it takes to join our team, we look forward to receiving your application!