Information Security and Compliance Manager

The Information Security and Compliance Manager is responsible for defining and implementing the organisation's information security strategy to protect data, systems, and intellectual property. This role ensures compliance with UK, European and North American regulations and industry standards, while embedding security into the software development lifecycle. What your key responsibilities will be:

Strategic Leadership

• Develop and execute a security strategy aligned with business and product objectives.
• Advise senior leadership on emerging threats, risk posture, and security investments.

Governance & Compliance

• Establish and maintain an information security governance framework.
• Ensure compliance with UK and international standards, including: GDPRPCI DSSPCI 3DSSOC 2NIST 800-61 r3
• Oversee internal and external audits and certification processes.
• Manage and complete security assessments for 3rd parties, customers and insurance purposes.
• Work in partnership with Legal team to define information security contractual requirements.
• Interact with customers, to demonstrate compliance with legal and contractual requirements.

Risk Management

• Audit risk assessment activity and determine mitigation strategies.
• Manage third-party and supply chain security risks.

Secure Development

• Work closely with engineering teams to: integrate security into the software development lifecycle, define secure coding standards and oversee code review processes.

Security Operations

• Lead incident response and disaster recovery planning.
• Oversee vulnerability management, penetration testing, and threat intelligence.

Policy & Awareness

• Develop and enforce security policies and standards.
• Deliver security awareness training across the organisation.

• Degree in Computer Science, Cyber Security, or related discipline .
• 5+ years of experience in information security, including leadership roles.
• Professional certifications such as CISSP or CISM.
• Detailed understanding of GDPR.
• Strong knowledge of compliance frameworks (PCI DSS, PCI 3DS, SOC 2).
• Knowledge of the DRATA GRC platform.
• Experience in secure software development practices and cloud security.
• Strategic thinking and ability to align security with business goals.
• Excellent communication and stakeholder engagement skills.
• Strong analytical and problem-solving abilities.

ATCORE is the leading international supplier of technology solutions for the leisure travel sector. With our market-leading reservation and distribution platform, we empower travel businesses to meet the needs of travellers through our suite of bespoke solutions. Our customers range from large vertically integrated groups, through to smaller specialist operators who enjoy a variety of service offerings. We provide applications support, hosting support and monitoring to keep our customers running 24x7. Our ATCOM software - built on the Oracle platform is the beating heart of their business, the place where millions of holidays are created, found and booked., We offer a wide range of benefits, including employer matched contributory pension scheme, business and personal travel insurance, healthcare schemes, life insurance, and many more. We carefully recruit, retain and develop our most talented personnel and, as a result, have a uniquely low level of employee turnover of around 5%. Half of our employees have been with the company for 10 years or more, a level of longevity very rare in the technology sector. Based in Slough, UK, with offices in North London and Cardiff, we are 200 employees strong and hire people with an unparalleled combination of industry and technical expertise. Join in the creation of technologies that impact millions of travellers in a multi-trillion-dollar industry. Be part of a highly motivated family and grow your career with the guidance of strong leadership.