Information Security Manager in England

England · Full-Time · £53,893 - £53,893 / year (est.) · No working from home possible
Bluelight Commercial

At a Glance

  • Tasks: Lead the development of a robust security framework and ensure compliance with national standards.
  • Company: Join BlueLight Commercial, a trusted partner in delivering commercial excellence to policing.
  • Benefits: Enjoy a competitive salary, generous leave, and support for your professional development.
  • Other info: Remote working available, fostering an inclusive and diverse workplace culture.
  • Why this job: Make a real impact on information security in a collaborative and evolving environment.
  • Qualifications: Degree or equivalent experience with relevant security certifications required.

The predicted salary is between £53,893 and £53,893 per year.

Reporting to: Senior Information Risk Owner (SIRO)

Dept/Pillar: Revenue & Transformation

Hours: 37 (full-time)

Grade/Salary: From £53,893 (dependent on experience)

Contract Type: Fixed Term Contract until 31 March 2028

Vetting Level: NPPV 3 & SC

Responsible for overseeing the Information Security approach for BlueLight Commercial (BLC), providing assurance that BLC IT systems, processes and procedures are operating within risk tolerance. The role co‑ordinates and delivers non‑technical controls such as policy, process, and training, and collaborates with IT partner cyber resources on delivery of the technical controls.

The Information Security Manager leads the development and delivery of a robust security framework across BLC. The role ensures alignment with UK policing, fire and public sector standards while operating in a commercial environment. It also involves working with others to ensure information security is embedded into new projects and supporting the organisation’s response to any information security incidents.

The role has ownership of the SyAP (Security Assurance for Policing) framework for the organisation and oversees delivery of the associated action plan, reporting to relevant governance and assurance boards such as BLC Audit & Risk and Finance & Commercial Committee.

Remote working nationally within the UK.

BlueLight Commercial is a company set up by the Home Office to deliver commercial excellence into policing with the ambition to be the trusted commercial partner of blue light organisations, delivering value through collaboration, commercial expertise and innovation.

You will operate across technology, data and operational teams, working closely with senior stakeholders, external partners and policing bodies such as Police Digital Service (PDS). You will play a key role in building a strong security culture across a collaborative, agile and evolving organisation.

Responsibilities and accountabilities:

  • Provide subject matter expertise and advice to the respective SIROs and other key stakeholders on Information Security related matters.
  • Lead the activity associated with the security framework, ensuring BLC achieve and maintain the agreed minimum national standard.
  • Ensure information security policies, processes and guidance are in place, fit for purpose, up to date, available, and used, to inform and where necessary enforce security behaviour across the respective organisations.
  • Collaborate with colleagues to develop and deliver ongoing training and awareness activity across a range of expertise and responsibility but with initial focus on highest risk areas.
  • Ensure BLC has an effective response to cyber incidents, alerts, and threats, to include defined roles and responsibilities, and escalation routes, as well as regular exercising and continuous improvement.
  • Oversee a risk‑based approach to auditing, including scoping and commissioning on behalf of the respective organisations, and supporting partner agency requirements. This will include physical as well as technical and procedural audits.
  • Ensure resultant findings and recommendations are recorded and assessed and activity is prioritised.
  • Liaise with stakeholders across the landscape to embed information security into change activity at the outset, supporting Secure By Design and Data Protection by Design principles, and ensure completion of any associated risk review, escalation and acceptance processes and documentation.
  • Work with colleagues to ensure supplier security assessment and continuous improvement is embedded in all finance and commercial processes.
  • Other responsibilities include supporting the remote workforce for all IT and equipment, HR support, finance, governance assurance, information management and data protection protocols.

Qualifications & Accreditations:

  • Degree or equivalent experience
  • CISSP, CISM or ISO 27001 certification

Experience & Knowledge:

  • Experience in security leadership
  • ISO 27001 implementation
  • Risk and compliance ideally within public sector or policing environments

Skills:

  • Strong cyber security knowledge
  • Stakeholder engagement
  • Risk translation
  • Analytical thinking
  • Communication

Personal Qualities:

  • Resilient
  • Collaborative
  • Professional
  • Adaptive
  • Committed to continuous improvement

Equality, Diversity and Inclusion:

We foster a work environment that is inclusive as well as diverse, where our people can be themselves. We value every idea and perspective towards helping us to evolve and innovate.

What We Offer – Total Rewards Package:

  • Starting salary £53,893 p.a. (dependent on experience)
  • Quality equipment for successful remote working: laptop, mobile phone, monitor, chair & desk and a Welcome ‘kit box’
  • 12% employer pension contribution
  • Support for your development for your role and future career development (a framework to achieve this)
  • Pension salary sacrifice scheme
  • Life insurance 4 x salary
  • 28 days annual leave (rising on service) plus paid bank holiday leave
  • Birthday Leave (1 x extra day per year to be used in birthday month)
  • Occupational sick pay
  • Wellness – free vouchers for eye test and flu jab
  • Employee Assistance Programme for health and wellbeing
  • 1 x annual professional subscription
  • Learning Management System – access to free training & e‑learning (more than 80,000 learning resources)

The legal bit:

The successful applicant will be subject to pre‑employment checks including medical screening and vetting (carried out externally NPPV3). Due to the nature of our business this is important. As standard you will need to satisfy: Employment eligibility check (right to work in the UK); Residency qualification (meaning you must have a 5 year ‘checkable history’ in the UK; ideally you have been, and are, resident in England or Wales for the last 5 years); Employment references (last 3 years or educational / personal reference where applicable).

NPPV3: This level of vetting grants the applicant unsupervised, unrestricted access to police premises and systems and could include those working in areas where the police roles have been identified as designated posts. NPPV3 allows access to classified police material or information up to SECRET and occasional access to TOP SECRET. Clearance at SC level, which sits alongside NPPV3, allows applicants access to a higher level of secure information and systems.

Information Security Manager in England employer: Bluelight Commercial

BlueLight Commercial is an exceptional employer, offering a collaborative and inclusive work culture that prioritises employee growth and development. With a strong commitment to innovation in the public sector, employees benefit from a comprehensive rewards package, including generous pension contributions, wellness support, and extensive training resources, all while working remotely across the UK. Join us in making a meaningful impact within policing and public safety, where your expertise in information security will be valued and nurtured.

Contact Details:

Bluelight Commercial Recruitment Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Manager in England

Tip Number 1

Network like a pro! Reach out to folks in the industry, attend events, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

Tip Number 2

Prepare for interviews by researching the company and its culture. Understand their approach to information security and be ready to discuss how your experience aligns with their needs. Show them you're not just a fit on paper but also in spirit!

Tip Number 3

Practice makes perfect! Conduct mock interviews with friends or use online platforms to refine your answers. Focus on articulating your experience with security frameworks and stakeholder engagement clearly and confidently.

Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, we love seeing candidates who are proactive about their job search!

We think you need these skills to ace Information Security Manager in England

Information Security Management
Cyber Security Knowledge
Stakeholder Engagement
Risk Translation
Analytical Thinking
Communication Skills
ISO 27001 Implementation

Some tips for your application 🫡

Tailor Your Application: Make sure to customise your CV and cover letter to highlight your experience in information security, especially in relation to the responsibilities mentioned in the job description. We want to see how your skills align with our needs!

Showcase Your Expertise: Don’t hold back on showcasing your qualifications like CISSP or ISO 27001 certification. We’re looking for someone with strong cyber security knowledge, so let us know how you’ve applied this in previous roles.

Be Clear and Concise: When writing your application, keep it clear and to the point. Use bullet points where possible to make it easy for us to read through your achievements and experiences. We appreciate a well-structured application!

Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way for us to receive your application and ensures you don’t miss out on any important updates regarding your application status.

How to prepare for a job interview at Bluelight Commercial

Know Your Security Frameworks

Make sure you’re well-versed in security frameworks like ISO 27001 and the SyAP. Brush up on how these frameworks apply to the public sector and be ready to discuss your experience with implementing them.

Showcase Your Stakeholder Engagement Skills

Prepare examples of how you've successfully engaged with stakeholders in previous roles. Highlight your ability to communicate complex security concepts in a way that resonates with non-technical audiences.

Demonstrate Your Risk Management Expertise

Be ready to talk about your approach to risk management. Discuss specific instances where you’ve identified, assessed, and mitigated risks, especially in a public sector or policing context.

Emphasise Continuous Improvement

Share your commitment to continuous improvement in information security practices. Talk about any training initiatives you’ve led or participated in, and how you’ve fostered a culture of security awareness within teams.