Information Security Manager

I'm excited to share that one of our clients is hiring for an Information Security Lead in London! Below are the job details. If you're interested, please send your CV to apply.

Location: London

Duration: Permanent, fulltime

Job Type: Hybrid (3-4 days per week onsite)

Purpose: The Information Security Lead will be responsible for ensuring the confidentiality, integrity, and availability of client's information and IT systems. The ideal candidate will have experience in information security within the energy, mining, chemicals, or process manufacturing sectors and will apply that expertise to enhance client's security posture. This role will involve developing and executing the information security strategy, leading security initiatives, assessing vulnerabilities, and ensuring compliance with relevant industry regulations while adapting security practices to the unique needs of the soda and chemicals industries.

Key Responsibilities:

• Develop and implement client's information security strategy, ensuring alignment with business objectives, regulatory requirements, and industry best practices.
• Lead the creation, review, and enforcement of information security policies, procedures, and guidelines tailored to the soda production and chemicals sectors.
• Conduct regular risk assessments and vulnerability analyses to identify and address potential security risks, ensuring proactive measures to protect sensitive data and operational systems.
• Stay updated on the latest security threats, trends, and regulatory changes, and ensure the organization’s security measures evolve accordingly.
• Design and implement a robust cybersecurity framework to safeguard critical operational systems, production data, and intellectual property.
• Oversee the security measures for IT infrastructure, industrial control systems (ICS), and operational technology (OT), ensuring they meet the security needs of client's operations.
• Manage Microsoft Office 365 security and compliance administration panels to enhance data protection, regulatory compliance, and security monitoring.
• Administer security software solutions, including Endpoint Detection and Response (EDR) and email security tools, to proactively defend against cyber threats and vulnerabilities.
• Ensure integration of security protocols across various departments, including IT, HR, finance, and operations, promoting a unified and cohesive security strategy.
• Establish and manage incident response protocols to quickly identify, assess, and mitigate security incidents or breaches.
• Lead investigations into security incidents, identifying root causes, and coordinating corrective actions to prevent future occurrences.
• Collaborate with external security vendors and government agencies to manage large-scale security incidents, when necessary.
• Lead information security awareness programs and provide training to employees on security best practices, regulatory compliance, and emerging threats.
• Ensure compliance with industry-specific regulations (e.g., GDPR, ISO 27001, industry standards) and client's internal policies.
• Oversee audits and inspections to verify adherence to internal security policies and ensure that compliance requirements are met.
• Serve as the primary point of contact for all information security-related matters, collaborating with internal teams, senior management, and external stakeholders to ensure effective communication and risk management.
• Provide regular reports to senior leadership on security posture, incidents, and security performance metrics.
• Continuously monitor and improve security controls and processes to stay ahead of emerging threats and enhance organizational resilience.

Key Qualifications & Experience:

• Bachelor’s or master’s degree in Information Security, Cybersecurity, IT, or a related field.
• Proven experience in information security roles within the energy, mining, chemicals, or process manufacturing sectors, with a strong understanding of industry-specific risks and challenges.
• In-depth knowledge of cybersecurity frameworks, risk management practices, and regulatory requirements (e.g., NIST, ISO 27001, GDPR).
• Experience with industrial control systems (ICS) and operational technology (OT) security in manufacturing or production environments.
• Strong expertise in network security, encryption, identity and access management, and endpoint protection.
• Experience managing Microsoft Office 365 security & compliance administration panels.
• Experience managing security software solutions (EDR, email security, etc.).
• Proven experience in developing and executing incident response plans, including coordination with external parties like vendors and government agencies.