Cybersecurity & Compliance Manager

Tosca
Dudley
3 days ago
Create job alert

ABOUT TOSCA

Tosca is a global leader in reusable packaging and pooling solutions that service the supply chain end to end. Re-use is the key word as Tosca facilitates moving away from single use packaging towards a circular model of reusable packaging with its robust portfolio of plastic containers, pallets, bins, crates and more. We focus on optimizing the flow of perishables, eliminating waste at every turn – product, packaging, labor and transportation waste. Our reusable plastic products improve the quality of product delivered, create more efficient supply chains, and are more sustainable than single-use packaging.



To strengthen our IT-department at our office in Dudley (UK), we are currently recruiting a driven Cybersecurity & Compliance Manager.



Position purpose


The Cybersecurity & Compliance Manager will lead Tosca's cybersecurity and compliance efforts, ensuring adherence to NIST CFS 2.0, ISO 27001, and other relevant standards. This critical role ensures Tosca’s cyber readiness through the development of security protocols, meticulous documentation maintenance, risk assessments, and strict compliance with regulations. Key responsibilities include monitoring and managing security infrastructure, defining and implementing security policies, managing incident response processes, and promoting cybersecurity awareness across the organization. This global position involves close collaboration with Global IT colleagues, various functions, and third-party partners to integrate security measures seamlessly. Key focus areas include cybersecurity, compliance, and enhancing the user experience while advocating for resilient security within budget constraints. Skills and qualifications required for this role include proven experience in cybersecurity and compliance management, strong understanding of NIST CFS 2.0, ISO 27001 standards, excellent risk assessment and management skills, ability to develop and maintain security protocols and documentation, and effective communication and collaboration skills.


This is a full-time role based in Dudley, UK, with travel up to 30% of the time.



Responsibilities


  • Implement security protocols and manage information security programs
  • Report performance, exceptions, and outages to all audiences transparently.
  • Align disaster recovery with business continuity plans.
  • Ensure compliance with ISO27001, NIST CFS 2.0, and maintain ISMS.
  • Identify risks, develop a comprehensive security plan.
  • Test cyber-attacks regularly to address vulnerabilities.
  • Monitor security trends, adapt strategies.
  • Oversee incident monitoring, detection, response via SOC and MSSPs.
  • Manage security tools like SIEM and endpoint protection.
  • Lead incident response and post-incident analysis.
  • Enforce policies for data privacy (GDPR & NIST).
  • Conduct regular security audits.
  • Manage vendor relationships and negotiate contracts.
  • Report service performance to stakeholders.
  • Coordinate with other Tosca functions for effective implementation.
  • Other relevant responsibilities as required.



Requirements, Experience & Education


  • Bachelor's degree in Computer Science, Information Technology, Information Security, or a related field; a Master's degree is preferred.
  • At least 7-10 years of experience in information security, specifically within security operations, with proven experience in a leadership or management role.
  • Relevant certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CISA (Certified Information Systems Auditor) are highly desirable.
  • Strong knowledge of security frameworks (e.g., ISO 27001, COBIT), security technologies, tools, and best practices across EU, UK, and USA
  • Proficiency in risk management processes, vulnerability assessments, and incident response strategies.
  • Current technical and hands-on experience with security tools and technologies, including Rapid7, Rubrik, Sentinel, and endpoint protection solutions like Microsoft Defender.
  • Excellent analytical, problem-solving, and decision-making skills, with the ability to conduct post-incident analysis and implement corrective actions.
  • Strong communication and interpersonal skills, capable of working effectively with diverse teams and stakeholders.
  • Ability to stay current with security trends, emerging threats, and best practices in the cybersecurity landscape.
  • Experience of manufacturing and/or supply chain industry is preferred.
  • Able to operate in a multinational corporation with several locations.



Competencies


  • You have expertise within Customer/Relationship Management.
  • You have excellent communication skills. You excel in conveying ideas clearly and effectively.
  • You possess specialized knowledge and skills in your field.
  • You have a collaborative spirit. You thrive in teamwork and enjoy working with others.
  • You can analyze situations and make informed decisions
  • You think ahead and plan for long-term success.



Our Offer

You will have a permanent contract with a competitive remuneration package in line with your knowledge and experience.

We continuously invest in your personal and professional development through our training & coaching programs.

You will join a dynamic and fast growing company that is part of a strong international group. We take pride in our green service and encourage our employees to participate in our growth and help us co-define the path to success. You will work in a fun environment with a supportive team that cares about each other and encourages collaboration at all levels.


Interested?

We cultivate a tight-knit team of smart people who care about their work and their colleagues. We believe this is a really exciting opportunity for someone who is up for a fast-paced challenge and is eager to become an integral member of our team.


Send us your CV and your letter of motivation in English. We’re looking forward to meeting you!


We value diversity and equal opportunity. Applicants are welcomed on the basis of their individual merits as we do not discriminate on the grounds of age, sex, disability, ethnic or racial origin, religion or belief, or sexual orientation. With both customers and employees around the world, we are committed to ensuring our team reflects the unique communities around us.


External recruitment services/agencies will not be used for this position.

Related Jobs

View all jobs

Cybersecurity Program Manager (German Speaking)

Cybersecurity Program Manager (German Speaking)

Cybersecurity Program Manager (German Speaking)

OT Manager, Cybersecurity Global

Mid-Market Business Development Manager - Cyber Security

Cyber Security Manager

Get the latest insights and jobs direct. Sign up for our newsletter.

By subscribing you agree to our privacy policy and terms of service.

Industry Insights

Discover insightful articles, industry insights, expert tips, and curated resources.

Jobs

Cyber Security Jobs at Newly Funded UK Start-ups: Q3 2025 Investment Tracker

Cyber security is no longer just a topic for tech-savvy professionals—it’s an essential pillar of every modern organisation. From protecting sensitive customer data to thwarting state-sponsored attacks, cyber security teams play a crucial role in safeguarding digital infrastructures across all sectors. In the UK, cyber security innovation is thriving, fuelled by a fertile mix of venture capital, government backing, and an ever-growing pool of talented specialists. Now, in the third quarter of 2025, we’ve seen a fresh influx of funding for cyber security start-ups that are poised to shape the industry’s future. This Q3 2025 Investment Tracker highlights newly funded UK-based cyber security start-ups, their core offerings, and—most importantly—the wide range of job opportunities they’re creating. Whether you’re a veteran security analyst, a pen tester, or a newcomer eager to explore the defensive side of tech, these start-ups are actively seeking professionals to help drive their next phase of growth. We’ll also guide you through the essential skills in demand, strategies to secure a role, and how to leverage CyberSecurityJobs.tech to fast-track your job search.

Jobs

Portfolio Projects That Get You Hired for Cyber Security Jobs (With Real GitHub Examples)

With rising cyber threats and increasingly sophisticated attacks, cyber security has become a critical priority for organisations worldwide. From penetration testers (pentesters) and SOC analysts to cloud security engineers and threat intelligence specialists, the demand for skilled cyber security professionals continues to surge. But how do you stand out in a growing field? Alongside your CV, an impressive cyber security portfolio can be the distinguishing factor that convinces employers you’re the right fit. In this comprehensive guide, you’ll discover: Why a cyber security portfolio is essential for job seekers in this domain. How to align portfolio projects with different cyber security career paths. Real GitHub examples that demonstrate best practices in security-focused projects. Actionable project ideas you can start today, from penetration testing labs to blue-team detection pipelines. Best practices for organising your repos and presenting your work so hiring managers can instantly see your impact. When you’re ready to pursue your next opportunity, remember to upload your CV on CyberSecurityJobs.tech. Our specialised platform connects talented security professionals with employers who need your expertise—exactly what your portfolio will showcase.

Jobs Careers

Cyber Security Job Interview Warm‑Up: 30 Real Coding & System‑Design Questions

The need for skilled cyber security professionals has never been greater. As organisations rapidly digitise their operations and store increasing amounts of sensitive data online, cyber threats loom large—ranging from sophisticated ransomware attacks to insider threats and state‑sponsored espionage. Against this backdrop, cyber security jobs remain some of the most in‑demand and mission‑critical roles on the market. If you’re preparing for a cyber security interview, expect to be tested on a broad spectrum of topics—from secure coding and incident response to network security architecture and compliance standards. In many cases, companies also include problem‑solving exercises and system design scenarios to gauge how well you can apply theoretical knowledge to real‑world threats. To help you ace these assessments, we’ve compiled 30 real coding & system‑design questions you might encounter. Each reflects a key area of cyber security—whether it’s encryption and key management, threat modelling, or designing a zero‑trust network. Along the way, we’ll offer insights and best practices so you can stand out from the crowd. If you’re on the lookout for exciting cyber security roles in the UK, head to www.cybersecurityjobs.tech. There, you’ll discover a range of positions—covering everything from penetration testing and threat intelligence to compliance management and security operations. Let’s dive into the essentials of interview readiness.

🍪 We use cookies to enhance your browsing experience on our website. By continuing to use this site, you consent to the use of cookies as described in our Cookie Policy. You can review our Cookie Policy for more information.