Information Security Manager

Information Security Manager

Location: Remote (with 1 day per month in the office)

Salary: £75,000 + Bonus + Benefits

Type: Permanent, Full-Time

We are a leading SaaS business at the forefront of digital transformation, delivering innovative solutions to clients worldwide. As we continue to scale, we are seeking an experienced Information Security Manager to drive our security strategy and ensure the highest standards of compliance and resilience across our platform and operations.

As Information Security Manager, you will be the security champion for our organisation, working closely with Compliance, Engineering, Product, Legal, and our DPO. You will guide secure-by-design practices, lead threat modelling and vulnerability assessments, and provide expert security guidance to both internal and external stakeholders.

You will manage continuous improvement and security change management processes, oversee business continuity and disaster recovery, and lead incident response and security operations. You will own and maintain our Information Security Management System (ISMS), and lead our ISO 27001, Cyber Essentials Plus, and SOC 2 readiness, certification, and ongoing compliance.

Key Responsibilities

• Guide secure-by-design practices in platform and product development
• Conduct threat modelling and vulnerability assessments
• Provide security guidance to stakeholders (internal & external)
• Manage continuous improvement and security change management processes
• Oversee business continuity and disaster recovery processes
• Lead incident response and security operations
• Own and maintain the Information Security Management System (ISMS)
• Lead ISO 27001, Cyber Essentials Plus, and SOC 2 readiness, certification, and ongoing compliance
• Develop and enforce security policies, standards, and procedures
• Oversee security awareness training and culture-building initiatives
• Stay up to date on regulatory concerns and evolving information security trends
• Monthly reporting and trend identification to inform business governance
• Own ISO 27001, SOC 2, security policies, technical controls, incident response, DevSecOps, and security operations

About You

• Proven experience in information security management within a SaaS or technology-driven environment
• Strong knowledge of ISO 27001, SOC 2, Cyber Essentials Plus, and ISMS frameworks
• Experience leading incident response, business continuity, and disaster recovery processes
• Excellent communication skills, able to engage with technical and non-technical stakeholders
• Strong analytical, organisational, and leadership skills
• Relevant certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer/Auditor) are highly desirable