Information and Cyber Security Manager

Overview

Would you like to help enrich the lives of learners around the world?

At RM, we’ve been pioneers of education technology since 1973. We provide technology and resources to the education sector, supporting over 10 million students worldwide. We work with over 28,000 schools, nurseries, and education trusts in 115 countries to deliver customer-centric solutions that improve education outcomes.

What we do helps learners at all stages of their lives, from preschool to higher education and professional qualification; we partner with schools, examination boards, central governments, and other professional institutions to enrich the lives of learners.

RM Group operates through three businesses: Technology (Managed Services, Software, and Infrastructure for Schools), Assessment (Software and Services), and TTS (Educational Resources).

Within the assessment market we are experts in providing solutions for online exam testing and marking and the management and analysis of educational data. We work with government ministries, exam boards, and professional awarding bodies for high-stakes assessment such as GCSEs, A Levels, and professional qualifications. Each year, our software is used globally to conduct hundreds of thousands of on-screen tests and to mark millions of paper-based scripts. For over a decade we have been partnering with the world’s leading awarding bodies to deliver intuitive, secure, and reliable e-marking solutions.

Visit our website to find out more:

The Information and Cyber Security Manager is a senior role that is integral to the company’s continued success. Reporting to the Operations Director, the role supports both RM’s IT and Assessment divisions, ensuring alignment and stakeholder engagement across these critical areas. This position is responsible for defining and executing a robust security strategy that aligns with the company’s overall business objectives, as well as applying divisional security requirements tailored to the unique customer, product, and service contexts within each division.

The Information and Cyber Security Manager is responsible for assuring the businesses reasonable and fit-for-purpose information security, regulatory and customer compliance, and designing a to-be security posture that enables the business to be positioned for emerging information threats. The businesses estate, workforce, associates and equipment are in a complex environment and deal with high-profile public establishments and large amounts of personal data. The complex estate encompasses:

• Remote, in-house and distributed workforce.
• Software product development including exam marking and delivery platforms.
• ISP services to education.
• eCommerce and distribution centre operations.
• Digital content and product development for education.
• Managed service provision across hundreds of UK school networks.
• Majority workforce and markets in UK and India, also Australia and potentially other territories.

This is a leadership role that requires accountability and a proactive approach, influencing stakeholders at all levels across the business. The job holder must be capable of engaging with senior leadership, operational teams, and external stakeholders, as well as maintaining robust relationships with customers where necessary.

Additionally, the Information and Cyber Security Manager will lead and manage a team of four, comprising an Information Security Manager, Internal Auditor, Security Operations Manager, and a Quality & Governance Consultant. This team is responsible for managing ISMS, BCMS, and Quality processes in line with ISO 27001, 22301, and 9001 certifications.

Key Responsibilities

Leadership:

• Act as the Security Subject Matter Expert across both IT and Assessment divisions, providing strategic guidance and ensuring all stakeholders understand and implement security policies effectively.
• Provide technical security leadership and support to Architecture, Engineering, and Operational teams as they develop and run products and services.
• Own and manage Information Security Certifications (ISO 27001, PCI-DSS, Cyber Essentials, etc.).
• Support security vendor selection, audits, and management.
• Champion a culture of security awareness and continuous improvement across the organisation.

Security Strategy & Risk Management:

• Develop and implement a comprehensive, proactive security strategy that incorporates threat intelligence, risk management, compliance, and behavioural security awareness.
• Oversee security operations, incident management, and threat detection to ensure risks are identified and mitigated effectively.
• Maintain oversight of third-party and supply chain security to ensure robust protections are in place.
• Ensure alignment between corporate risk appetite and security policies.

Policy & Procedure:

• Implement group-wide security policies and standards, ensuring they are adapted effectively.
• Define and own divisional security standards tailored to products and services.
• Monitor and report on policy compliance, driving continual improvement in security governance.

Risk & Incident Management:

• Identify and manage cybersecurity risks, ensuring accountability is assigned and appropriate mitigation plans are in place.
• Lead the response to security incidents, working cross-functionally to drive timely resolution and learning.
• Conduct post-incident analysis to inform future security improvements.

Customer & External Stakeholder Engagement:

• Work with customer account teams to ensure contractual security commitments are met across UK and international markets.
• Engage with external regulatory bodies, audit agencies, and third parties to assess and improve the company’s cyber resilience.

Governance & Compliance:

• Implement a security governance framework to ensure products and services align with industry best practices.
• Drive the strategy for security certifications and ensure ongoing compliance with ISO 27001, PCI-DSS, NIST CSF, and GDPR.
• Provide regular reporting to senior leadership and stakeholders on security performance and risk posture.

Experience

• Proven experience in a senior information security leadership role within a complex, regulated environment.
• Strong technical expertise across cloud security, software development, network security, and Microsoft technology stack.
• Ability to lead and develop high-performing teams, ensuring accountability and continuous development.
• Experience in engaging at all levels of an organisation, including influencing senior stakeholders.
• Deep understanding of ISO 27001, PCI-DSS, Cyber Essentials, GDPR, and NIST CSF.
• Strong organisational planning, problem-solving, and resource mobilisation skills.
• Proven ability to work under pressure in fast-changing business environments, managing competing priorities effectively.
• Experience in both leading and preparing for cyber incident response.
• Vendor selection and supplier management expertise.

This role requires a strategic mindset, technical depth, and strong leadership capabilities to drive the company’s cybersecurity posture forward. The Information and Cyber Security Manager will play a crucial role in ensuring security is embedded into every aspect of the company’s operations while proactively addressing emerging threats and regulatory requirements.

What’s in it for you?

At RM we have My Work Blend @RM which provides office-based colleagues with multi location and hybrid working options. As well as your office base, you can spend a proportion of your time working at other locations that suit your role and your life, including home, other offices, customer sites, distribution centres or on the move. We encourage you to discuss arrangements for this role with your potential line manager during the recruitment process.

RM is committed to safeguarding and promoting the welfare of children and expects all permanent and temporary staff to share this commitment. This role is exempt from the Rehabilitation of Offenders Act 1974 and all successful candidates will be subject to Disclosure and Barring Service (DBS) checks along with other relevant employment checks.

As well as a competitive salary and our core benefits package which includes private medical healthcare, life assurance and a Group Personal Pension Plan with higher contribution levels available, some roles are also eligible for a performance-related bonus. There are lots of voluntary benefits too. You could buy additional annual leave, join our dental plan, sign up for a health assessment, or take part in our cycle to work scheme. You could even earn yourself an extra bonus for successfully recommending a friend or family member for a position within RM.

To better reflect the society that we serve, we’re committed to building a diverse workforce and creating an inclusive and welcoming environment for all. To achieve this, we create teams of talented people from different backgrounds and experiences and strive to be a business where our people can bring their whole selves to work, we also want to make the recruitment process as inclusive as possible for everyone. Should you require additional support with your application or through the interview process, please contact us at .

Unfortunately, we are unable to offer visa sponsorship for this role.

#J-18808-Ljbffr