Information Security Manager

Theale | Full-Time | £43,200 - £72,000 / year (est.) | No home office possible

At a Glance

  • Tasks: Lead the development and improvement of our Information Security Management System.
  • Company: Join Cornerstone, the UK's top mobile and digital infrastructure provider.
  • Benefits: Enjoy a competitive salary, bonus structure, hybrid working, and 30 days holiday.
  • Why this job: Make a real impact on cybersecurity while collaborating with diverse teams.
  • Qualifications: Experience in managing ISMS and leading ISO 27001 audits is essential.
  • Other info: We value diversity and inclusion, welcoming applicants from all backgrounds.

The predicted salary is between £43,200 and £72,000 per year.

Cornerstone is the UK’s leading mobile and digital infrastructure provider, managing over 15,700 sites and holding 35% of the market. Our Mission is to be famous for excellence in delivery, embracing transformation with our people and our customers at its heart.

As Cornerstone’s Information Security Manager, you will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS), ensuring alignment with ISO 27001:2022. You will be responsible for safeguarding our digital infrastructure, managing cyber risk, and embedding a security-first culture across the organisation. This is a strategic and hands-on role, requiring collaboration across IT, legal, procurement, and operational teams. You will act as the primary point of contact for all matters related to information assurance, supplier security assurance, incident response, and regulatory compliance.

  • IT Security Operations: Collaborate closely with IT SecOps team members to ensure security controls remain effective. Where gaps are identified, implement appropriate mitigation measures and lead the response to security incidents in a timely and coordinated manner.
  • Compliance & Security: Coordinate ISO 27001 certification audits and maintain ongoing compliance on behalf of the IT & Digital function. Actively support and contribute to health and safety, environmental sustainability, business continuity, and information security initiatives, ensuring we meet our obligations to customers and regulatory standards.
  • Delivery:
    • ISMS Leadership: Own and maintain the ISMS, ensuring it meets ISO 27001:2022 requirements and supports business objectives.
    • Risk Management: Identify, evaluate, and mitigate information security risks across systems, suppliers, and processes. Maintain visibility over key cyber risks and report to senior leadership.
    • Incident Response: Lead the response to security incidents, including forensic analysis, reporting, and remediation. Coordinate with law enforcement and external partners where necessary.
    • Supplier Assurance: Conduct security reviews and audits of third-party vendors. Ensure compliance with Cornerstone’s security policies and contractual obligations.
    • Policy & Governance: Draft, review, and enforce security policies and procedures. Chair or support governance forums such as the ISMS Review and Information Security Steering Group.
    • Cyber Awareness Programme: Champion a culture of security awareness through training, phishing simulations, and internal communications, and ensure staff compliance with mandatory cyber training.
    • Compliance & Certification: Ensure ongoing compliance with GDPR, ISO standards, and other regulatory frameworks. Lead surveillance audits and certification renewals.
    • Technology Oversight: Evaluate and implement security tools and technologies. Collaborate with IT Operations and infrastructure teams to embed security into system design and operations.
    • Secure Development: Ensure that security considerations are embedded throughout the project lifecycle, from initial design through to deployment and ongoing maintenance.

The successful candidate will possess substantial experience in managing and maintaining an enterprise Information Security Management System (ISMS), with a demonstrable track record of leading and supporting external ISO 27001 audits and implementing and managing robust security frameworks. They will have a comprehensive understanding of cyber threats, cloud security, particularly within Azure and Microsoft 365 environments, and key regulatory and compliance frameworks, including GDPR and ISO 27001. Experience with security and compliance tools such as ISMS Online, Qualys VMDR, and Cofense phishing simulation would be highly advantageous.

The role requires strong proficiency in vulnerability management, coordinating penetration testing, supplier security assurance, and incident response. A thorough understanding of legal and procedural obligations relating to data protection and information governance is essential. Excellent communication and stakeholder management skills are required, with the ability to articulate technical risks in a clear and business-focused manner. Analytical and problem-solving skills are critical to effectively identify vulnerabilities, assess risks, and deliver appropriate mitigation strategies in collaboration with internal and external stakeholders. Leadership and professional judgement are central to the position. The postholder will lead regular internal and customer-orientated security governance meetings, oversee cross-departmental initiatives, and foster a culture of security awareness throughout Cornerstone. The role also involves close collaboration with the IT Security Operations team, contributing to continuous improvement, and supporting Cornerstone's ongoing security and compliance maturity.

Suitable candidates are likely to have prior experience in roles such as Information Security Manager, Security Lead, or Senior Security Analyst, ideally within ISO 27001-certified or similarly regulated environments.

Knowledge, Skills and Experience:

  • Proven experience managing an enterprise ISMS and leading ISO 27001 audits.
  • Strong understanding of cyber threats, cloud security (Azure, M365), and regulatory compliance.
  • Experience with supplier assurance, penetration testing, and vulnerability management.
  • Excellent stakeholder engagement and communication skills.
  • Ability to work independently and influence cross-functional teams.
  • Familiarity with Cofense phishing simulation tool, ISMS Online, Qualys VMDR.

What we offer:

  • Competitive salary and an excellent bonus structure.
  • 30 days holiday.
  • Competitive pension scheme.
  • Hybrid working.
  • Life insurance.
  • Cycle to Work.
  • Retail Discount.
  • Competitive refer a friend scheme.
  • Private Healthcare Insurance.

Our commitment to Equity, Diversity, and Inclusion (EDI) is fundamental to our success. We strive to cultivate an inclusive environment where every employee feels valued, respected, and empowered. By embracing unique perspectives and experiences, we drive innovation and move our organisation forward. We therefore recognise the importance of welcoming applications from candidates of all backgrounds.

We want to ensure everyone is able to present their best self throughout the recruitment process, so if you require any adjustments, please let us know.

If this role is of interest to you and you would like to find out more, please do apply with an up-to-date version of your CV.

Operate and uphold Cornerstone’s values of Everyone Matters, Innovate to Elevate, Do the Right Thing and Customer First by being Professional, Respectful and Open.

Information Security Manager employer: Cornerstone

Cornerstone is an exceptional employer, offering a dynamic work culture that prioritises innovation and collaboration. As an Information Security Manager, you will benefit from competitive salaries, a robust bonus structure, and opportunities for professional growth within a supportive environment that values diversity and inclusion. With a commitment to employee well-being, including hybrid working options and comprehensive healthcare benefits, Cornerstone fosters a workplace where every individual can thrive and contribute to safeguarding our digital infrastructure.

Contact Detail:

Cornerstone Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Manager

✨Tip Number 1

Network like a pro! Reach out to folks in the industry, attend events, and connect with people on LinkedIn. You never know who might have the inside scoop on job openings or can put in a good word for you.

✨Tip Number 2

Prepare for interviews by researching the company and its culture. Understand their mission and values, especially how they align with your own. This will help you stand out as someone who genuinely cares about being part of their team.

✨Tip Number 3

Showcase your skills through practical examples. Be ready to discuss specific projects or challenges you've tackled in the past, especially those related to information security. This will demonstrate your hands-on experience and problem-solving abilities.

✨Tip Number 4

Don’t forget to apply through our website! It’s the best way to ensure your application gets seen. Plus, it shows you're serious about joining Cornerstone and contributing to our mission of excellence.

We think you need these skills to ace Information Security Manager

Information Security Management System (ISMS)
ISO 27001:2022
Cyber Risk Management
Incident Response
Supplier Security Assurance
Regulatory Compliance
Vulnerability Management
Penetration Testing
Cloud Security (Azure, Microsoft 365)
GDPR Compliance
Stakeholder Engagement
Communication Skills
Analytical Skills
Problem-Solving Skills
Security Policy Development

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Information Security Manager role. Highlight your experience with ISO 27001, cyber security, and any relevant tools you've used. We want to see how your skills align with what we're looking for!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our mission at Cornerstone. Keep it concise but impactful – we love a good story!

Showcase Your Achievements: Don’t just list your responsibilities; showcase your achievements! Use specific examples of how you've improved security measures or led successful audits. We’re all about results, so let us know how you’ve made a difference in your previous roles.

Apply Through Our Website: We encourage you to apply through our website for the best chance of getting noticed. It’s super easy, and you’ll be able to keep track of your application status. Plus, we love seeing applications come directly from our site!

How to prepare for a job interview at Cornerstone

✨Know Your ISO 27001 Inside Out

Make sure you’re well-versed in the ISO 27001:2022 standards. Brush up on how they apply to Cornerstone’s Information Security Management System (ISMS) and be ready to discuss your experience with audits and compliance. This shows you’re not just familiar with the framework, but that you can actively contribute to maintaining it.

✨Showcase Your Cybersecurity Knowledge

Prepare to talk about your understanding of cyber threats, especially in cloud environments like Azure and Microsoft 365. Bring examples of how you've managed vulnerabilities or responded to incidents in the past. This will demonstrate your hands-on experience and strategic thinking in safeguarding digital infrastructure.

✨Communicate Clearly and Confidently

Since this role involves a lot of stakeholder engagement, practice articulating technical risks in a way that’s easy for non-technical folks to understand. Use clear examples from your previous roles to illustrate your points. This will help you stand out as someone who can bridge the gap between IT and business needs.

✨Emphasise Your Leadership Skills

Be prepared to discuss your leadership style and how you’ve fostered a culture of security awareness in past roles. Share specific instances where you led cross-departmental initiatives or governance meetings. This will highlight your ability to influence and engage teams across the organisation.
