PCI and Compliance Lead

Working at the Cumberland you become part of something special. We’re a Mutual organisation committed to improving the lives of our colleagues, customers and community. Our values are incredibly important to us.

We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral in helping to drive cultural change, a team where you can bring your whole self to work, bringing your energy and creativity to make a positive difference, then this is the job for you.

We have an exciting opportunity for a PCI and Compliance Lead to join our Information Security team for a fixed term of 18 months.

• Salary – up to £64,898 per annum, depending on skills and experience.
• Holidays – 25 days holiday plus public holidays and the opportunity to buy and sell up to 3 days.
• Learning and Development – We want you to grow in your role. We’ll work together to support your personal and professional development.
• Hybrid Working – The tools and equipment you need to work from home when appropriate.
• Health and Wellbeing – Calendar of events and activities throughout the year – Mental Health & Wellbeing champions and Cycle‑to‑Work scheme.
• Community Day – An extra paid day off each year to help local charities and community organisations.

Reporting to the Information Security Assurance Manager, you’ll be responsible for oversight, management and continuous compliance of the Payment Card Industry Data Security Standard (PCI DSS) requirements across the Society within the Information Security Assurance Team.

You’ll assist in the oversight and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber‑criminals, and carry out audits in line with the assurance calendar.

You’ll build key relationships with all teams and colleagues across the Society and work closely with 1st line risk colleagues – Payments and Technology.

You’ll manage the relationship with Qualified Security Assessors (QSAs); coordinating annual assessment and remediation activities, Regulatory Bodies; providing evidence and reporting for PCI compliance and Third‑Party Service Providers; completing assurance reviews and compliance verifications for suppliers handling PCI data.

We’re looking for someone with significant experience in an Information Security role within a Financial Services‑led environment. You’ll have a strong technical understanding and background inclusive of on‑premise and cloud environments.

We’d like you to have a formal qualification in an Information Security discipline, e.g. CISM. Where significant experience can be demonstrated this will be considered.

You’ll have in‑depth knowledge of information security, with very good experience of compliance such as ISO27001, NIST, PCI DSS, REP018, CBEST & CQUEST requirements – ideally holding the PCI Internal Security Assessor qualification.

• Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level.
• Ability to work autonomously, be organised and work under pressure.
• Strong relationship management and influencing skills.
• Attention to detail to ensure accurate assessment and management of risk.
• Strong analytical skillset.
• Good understanding of general IT security concepts and principles.
• Ability to effectively prioritise situations requiring urgent attention.
• Ability to work as a team and on own initiative to think outside the box and go the extra mile.
• Pro‑activity and self‑motivation with proven ability to drive results and provide excellent customer service to all levels of the organisation.
• High level of motivation to see success delivered through own personal efforts and those around them.
• Ability to demonstrate and enhance the core values of the Society.
• Willingness to work outside of normal working hours when required.

We’re here to create a banking experience that’s kinder to people and planet.

Unlike banks we don’t have public or private shareholders which means we can invest 100 % of our profits back into our business. As a result, our business is purpose‑led, financially strong, socially responsible and always focused on our people, planet and communities.