PCI and Compliance Lead

Working at the Cumberland, you become part of something special. We’re a Mutual organisation, committed to improving the lives of our colleagues, customers, and community. Our values are incredibly important to us.

We’re on an exciting transformational journey with our people firmly at the forefront of our plans. If you want to work for a team integral in helping to drive cultural change, a team where you can bring your whole self to work bringing your energy and creativity to make a positive difference, then this is the job for you.

We have an exciting opportunity for a PCI and Compliance Lead to join our Information Security team for a fixed term of 18 months.

• Salary - up to £64,898 p.a. - depending on skills and experience.
• Holidays - 25 days holiday plus public holidays and the opportunity to buy and sell up to 3 days.
• Learning and Development opportunities - We want you to grow in your role. We’ll work together to support your personal and professional development.
• Hybrid Working - the tools and equipment you need to be able to work from home when you need to, depending on your role.
• Health and Wellbeing - a calendar of events and activities throughout the year, Mental Health & Wellbeing champions, and Cycle to Work scheme.
• Community Day - We offer our people an extra paid day off every year to help local charities and community organisations.

Reporting to our Information Security Assurance Manager, you’ll be responsible for oversight, management and continuous compliance of the Payment Card Industry Data Security Standard (PCI DSS) requirements across the Society within the Information Security Assurance Team. You’ll assist in the oversight and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals as well as carrying out audits in line with the assurance calendar. You’ll build key relationships with all teams / colleagues across the Society and work closely with 1st line risk colleagues, Payments and Technology. You’ll manage the relationship with Qualified Security Assessors (QSAs); coordinating annual assessment and remediation activities, Regulatory Bodies; providing evidence and reporting for PCI compliance, and Third‑Party Service Providers; completing assurance reviews and compliance verifications for suppliers handling PCI data.

We’re looking for someone with significant experience in an Information Security role within a Financial Services led environment. You’ll have a strong technical understanding and background, inclusive of on premise and cloud environments. We’d like you to have a formal qualification in an Information Security discipline e.g., CISM. Where significant experience can be demonstrated, this will be considered. You’ll have in-depth knowledge in information security, having very good experience of compliance such as ISO27001, NIST, PCI DSS, REP018, CBEST & CQUEST requirements, ideally holding the PCI Internal Security Assessor qualification.

• Excellent interpersonal, written and verbal communication skills and the ability to work well with people at every level
• Ability to work with autonomy, be organised and able to work under pressure
• Strong relationship management and influencing skills
• Attention to detail to ensure accurate assessment and management of risk
• Strong analytical skillset
• Possess good level of understanding on general IT security concepts and principles
• Ability to effectively prioritise situations requiring urgent attention
• Ability to work as a team and on own initiative to think ‘outside of the box’ and go the extra mile
• Pro‑activity and self‑motivated with the proven ability to drive results and provide excellent customer services to all levels of the organisation
• High level of motivation to see success delivered through own personal efforts and those around them
• Ability to demonstrate and enhance the core values of the Society
• Willingness to work outside of normal working hours when required

We’re here to create a banking experience that’s kinder to people and planet.

Unlike banks, we don’t have public or private shareholders which means we can invest 100% of our profits back into our business. As a result, our business is purpose‑led, financially strong, socially responsible and always focused on our people, planet and communities.