Information Security Manager

Information Security Manager

Full-Time 70000 - 90000 £ / year (est.) No working from home possible
British Land Company

At a Glance

  • Tasks: Lead the charge in safeguarding British Land's information assets and enhancing security governance.
  • Company: Join a forward-thinking company dedicated to innovation and security excellence.
  • Benefits: Enjoy a competitive salary, hybrid work model, and opportunities for professional growth.
  • Other info: Be part of a dynamic team with excellent career advancement opportunities.
  • Why this job: Make a real difference in information security while working with cutting-edge technologies like AI.
  • Qualifications: Experience in information security and a passion for emerging tech are essential.

The predicted salary is between 70000 - 90000 £ per year.

  • Career Opportunities: Information Security Manager (11003)
  • REPORTING TO : Head of Information Security
  • TYPE OF CONTRACT : PERMANENT

Reporting to the head of information security, this role plays a central part in protecting British Land's information assets across both business technology and property technology.

The primary focus is on the development, implementation, and management of British Land's information security governance, risk, and compliance programme — ensuring alignment with regulatory requirements, industry standards (e. g.

Iso 27001, nist), and good practice.

As a member of a small, high-impact team, the role requires an all-rounder who can move comfortably between governance activities and broader cyber security topics.

The successful candidate will have sufficient technical understanding to engage credibly with the wider infosec team, challenge supplier technical proposals, and contribute to operational security activities where required.

An appreciation of emerging technologies, particularly ai, and a genuine interest in how these can be leveraged to strengthen information security, is essential.

  • WHAT YOU’LL DO
  • Assisting with the support of technologies in the following categories:
  • Governance
  • Develop and maintain information security policies, standards, and procedures.
  • Ensure alignment of security policies with business objectives and regulatory requirements.
  • Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures.
  • Complete security assessments for third party suppliers, assets (buildings/retail) and projects to ensure adherence to cyber security policies and standards.
  • Deliver and maintain the supplier risk assessment process.
  • Identify and assess information security risks across the organisation and maintain the risk register.
  • Develop and implement risk mitigation strategies and action plans.
  • Conduct regular risk assessments and audits to ensure compliance with security policies and standards.
  • Monitor and report on the status of risk management activities.
  • Compliance
  • Ensure compliance with relevant laws, regulations, and industry standards (e. g., GDPR, iso 27001).
  • Coordinate and support internal and external audits and assessments.
  • Develop and deliver security awareness and training programs to employees.
  • Maintain documentation and evidence of compliance activities.
  • Advocacy
  • Articulating the need for information security and compliance.
  • Building strong stakeholders’ relationships across the business to enable effective communication and delivery of infosec objectives.
  • Responsible for delivery of infosec controls which are effectively designed and implemented.
  • Identify security gaps and work with stakeholders to clearly define remediation actions.
  • Provide guidance and support to business units on security-related matters.
  • Security awareness training.

Managing courses, rollout, liaison with training team.

Arranging phishing tests and metrics, providing remediation training in person to required employees.

  • Management of information security steerco meeting. Taking minutes, organising meetings and actions. Supporting the committee in the role of secretary.
  • Supporting technology projects with security analysis on any proposed solutions & ensuring any risks are highlighted and addressed as part of the project.
  • Coordinate with stakeholders in relation to cyber security issues and provide future recommendations.
  • Research and generate reports for both technical and non-technical staff and stakeholders.
  • Give advice and guidance to staff on information security related issues.
  • Defining and monitoring security policies and best practice standards.
  • Develop and maintain a working understanding of British Land's security technology stack (e. g.

Siem, email security, dlp, endpoint, identity, vulnerability management) sufficient to engage credibly with the wider infosec team and its systems.

  • Critically review and challenge supplier technical proposals, architectures and security testing reports (e. g.

Soc 2, penetration test reports) ensuring proportionate controls are in place.

  • Provide informed input into security testing scope (e. g. Penetration testing, configuration reviews) and review remediation activity with suppliers.
  • Support incident response and operational infosec activities as required, providing cover and acting as an all-round contributor in a small team.
  • Maintain awareness of ai developments relevant to information security, including both the risks (e. g.

Shadow ai, agentic systems, data exposure) and the opportunities (e. g.

Ai-assisted analysis, automation, threat detection).

  • Support the application of British Land's ai governance framework, including risk review of ai use cases.
  • Identify and pilot opportunities to leverage ai capability within the infosec function to improve productivity, coverage, and effectiveness.

ABOUT YOU

  • Strong written and oral communication skills.
  • Passionate about information security and proactive in recommending ways to further improve our security posture.
  • Strong Microsoft office skills.
  • Self-motivated problem solver.
  • Strong time management and organisational skills.
  • Pragmatic – making the best of the tools that we have and getting the best out of them. Recognise the balance between security and productivity.
  • Understanding of information security risk management concepts.
  • Experience of working collaboratively within an it department.
  • Technically curious – comfortable engaging with the wider infosec team on operational and technical topics, willing to learn and able to ask the right questions of suppliers and technical specialists.
  • Genuine interest in ai and its application to information security.
  • Comfortable with breadth over depth – happy operating across multiple disciplines in a small team rather than specialising narrowly.
  • REQUIRED SKILLS
  • Demonstrable experience in an information security role with significant exposure to grc, alongside working knowledge of broader cyber security disciplines (e. g.

Supplier assurance, security testing, incident response, security operations).

  • Experience of iso 27001 isms implementation and management, and certification process (working with external and internal auditors).
  • Strong Microsoft 365 skills, including familiarity with enterprise security tooling.
  • Third party risk management software (such as surecloud or onetrust or similar).
  • Working understanding of common cyber security domains (e. g. Network security, endpoint protection, identity and access management, vulnerability management, security testing).
  • PREFERRED SKILLS
  • ISO 27001 or nist framework experience.
  • Surecloud/grc/alternatives.
  • Exposure to ai governance frameworks (e. g. Nist ai rmf) or developing ai use-case risk assessments.
  • Exposure to property technology would be a distinct advantage.
  • Experience reviewing penetration test reports, soc 2 reports, or supplier security architectures.
  • Experience with security tooling such as siem, email security platforms or vulnerability scanning.
  • Hands‑on experience supporting incident response of security operations activities.

Desirable Accreditations

  • ISO 27001 lead auditor/implementer certification.
  • Ci SSP, CISM or equivalent.
  • Comptia security+ or equivalent foundational technical certification.
  • Experience of taking detailed minutes during senior or executive level meetings.
  • #J-18808-Ljbffr

Information Security Manager employer: British Land Company

British Land is an excellent employer, offering a dynamic work environment in the heart of Central London. With a strong focus on employee growth and development, you will have the opportunity to collaborate with diverse stakeholders while ensuring compliance with GDPR and data protection legislation. The hybrid working model promotes a healthy work-life balance, making it a rewarding place for those looking to make a meaningful impact in data privacy.

British Land Company

Contact Details:

British Land Company Recruitment Team

We think you need these skills to ace Information Security Manager

Information Security Governance
Risk Management
Compliance with GDPR
ISO 27001 Implementation
Cyber Security Awareness
Supplier Risk Assessment
Security Policy Development