Security Compliance Manger - PCI DSS Specialist

Job Description

Are you the kind of person who spots a misplaced data packet the way others spot typos? Do you get a tiny spark of joy from a perfectly documented process or a beautifully segmented network diagram? If so… we should definitely talk.

As our Security Compliance Manager, you’ll be the guardian of our most prized digital treasure, our information assets and payment environments. Think of yourself as the protector of our Cardholder Data Kingdom: part detective, part strategist, part compliance wizard!

Your mission? To make sure our organisation not only meets PCI DSS v4.01 standards but absolutely nails them, with robust controls, airtight evidence, and a compliance rhythm smoother than a freshly patched server.

You’ll be the go-to expert on all things PCI, orchestrating assessments, guiding teams, taming audit chaos, charming QSAs, decoding vulnerabilities, and making sure our controls not only exist but actually work. And because your superpowers extend beyond PCI, you’ll also help steer ISO27001, support our security accreditations, and champion continuous improvement across our security ecosystem.

If you love diving into detail, shaping best practice, keeping systems honest, and sleeping soundly knowing you’ve prevented chaos before it even thought about happening, this is your kind of playground!

Who we are

The UK’s fastest broadband network. The nation’s best-loved mobile brand. And, one of the UK's biggest companies too. We put our customers first, making life simpler, smoother, and more joyful. With big ambitions and a brilliant team, we’re building a more connected future for everyone.

Our ways of working

We’re a flexible-first organisation, because we know people do their best work when they have choice and clarity. To support meaningful collaboration, we ask everyone to spend at least eight days each month connecting in person.

That doesn’t just mean time in the office, it could be team meetings, offsites, volunteering days, multi-functional projects, or away days - anywhere meaningful collaboration happens. What matters is making those moments purposeful, so when we come together, it really counts.

Accessible, inclusive and equitable for all

Virgin Media O2 is an equal opportunities employer, and we're working hard to remove bias and barriers for our people and candidates. So, we build equity and inclusion into everything we do, from the policies we craft to the relationships we shape. We support and encourage you to be your authentic self throughout your application journey with us.

The must haves

In order to be considered, you must have the following experience;

• Proven hands-on experience supporting PCI DSS assessments, including full ROC activity and assessor engagement.
• Deep, practical understanding of PCI DSS v4.01 requirements, their intent, and how they apply within real-world payment environments.
• Good ability to interpret, validate, and map both technical and procedural controls to PCI obligations.
• A demonstrated ability in information security, governance, risk, or compliance roles.
• Solid experience operating and maintaining controls aligned to frameworks such as ISO 27001 and Cyber Essentials.
• Demonstrated ability to deliver or support internal and external audits, ensuring clear evidence, accurate reporting, and timely follow‑up on findings.
• Robust knowledge of network security and segmentation, with practical experience applying secure design principles.
• Good understanding of operating system and application hardening, following industry benchmarks and practice standards.
• Confident knowledge of encryption and key management, including secure handling processes and lifecycle controls.
• Good grasp of identity and access management, covering authentication, access control models, and privileged access practices.
• Good working knowledge of risk management principles, with the ability to identify, assess, prioritise, and support remediation of security risks.

The other stuff we are looking for

We'd also love you to bring;

• Builds strong, collaborative relationships by engaging with collaborators at all levels, creating trust through consistency, clarity, and a solutions‑focused approach.
• Communicates information clearly and confidently, tailoring style and detail to the audience to ensure complex security concepts are understood, actionable, and aligned to shared goals.

What's in it for you

Our goal is to celebrate our people, their lives and everything in-between. We aim to create a culture that empowers everyone to bring the best versions of themselves to work each and every day. We believe the most inclusive and diverse culture makes for a better business and a brighter world.

Working at Virgin Media O2, you get a bumper reward package bursting with benefits, and loads of extras you can add if you’d like to. These are designed to support both you and your loved ones, making sure that you’re covered no matter what life throws your way.

Next steps

If we feel like a place where you can belong, we'd love to learn more about you as a person and your experience to date. Once you've submitted an application the next steps of the process, if successful, are likely to include two stage interview process.

When you apply, you'll be asked about any adjustments you might need to support the recruitment process. Let us know, and we'll be sure to discuss it with you.

Please note: Applications will be reviewed, and interviews conducted throughout the duration of this advert, therefore we may bring the closing date forward. We encourage all interested applicants to apply as soon as possible. If you’re offered a job with us, it will be conditional, based on the passing of background checks. All roles require a criminal record check and some roles need a financial probity check. Your recruiter can provide you with more information if needed.

Thanks for your patience and for showing an interest in joining the Virgin Media O2 family.

#LI-LM1