Information Security Manager Everflow Utilities

Full-Time 43200 - 72000 £ / year (est.) No home office possible

At a Glance

  • Tasks: Lead security efforts, manage risks, and ensure compliance across the organisation.
  • Company: Everflow Utilities is dedicated to providing secure and reliable utility services.
  • Benefits: Enjoy flexible working options, professional development opportunities, and a supportive team culture.
  • Why this job: Join a dynamic team focused on enhancing security and making a real impact in the industry.
  • Qualifications: Experience in information security management and knowledge of compliance standards required.
  • Other info: Opportunity to work with cutting-edge technology and engage with senior leadership.

The predicted salary is between 43200 and 72000 £ per year.

We are seeking an experienced Information Security Manager (ISM) to lead our security efforts, ensuring compliance, risk management, and robust security operations.

Role Overview

As an Information Security Manager, you will be responsible for shaping, implementing, and maintaining Everflow’s information security strategy. You will work closely with stakeholders across the business, ensuring that security aligns with business objectives while meeting regulatory and compliance requirements.

Key Responsibilities

  • Stakeholder Engagement & Continuous Improvement
    • Engage with the Senior Leadership Team (SLT) to report on security posture, risks, and improvements.
    • Collaborate with IT, Regulations and Compliance teams to drive security initiatives.
    • Promote a strong security culture, ensuring security aligns with business goals.
  • Security Operations & Incident Management
    • Lead incident response efforts, develop playbooks, and ensure proper incident reporting and remediation.
    • Monitor and enhance threat detection & response capabilities.
    • Manage access control and identity management policies.
  • Business Continuity & Disaster Recovery
    • Develop and test business continuity and disaster recovery (BC/DR) plans.
    • Ensure data backup & recovery strategies are in place and effective.
    • Conduct tabletop exercises to assess response plan effectiveness.
  • Security Architecture & Technical Controls
    • Ensure secure configurations for systems, networks, and cloud environments.
    • Review and enhance data protection controls (e.g., encryption, DLP policies).
    • Implement security measures for Joiners, Movers, and Leavers (JML) processes.
    • Work with IT teams to strengthen cybersecurity measures (e.g., MFA, endpoint security).
  • Governance, Risk, and Compliance (GRC)
    • Develop, implement, and maintain security policies, standards, and procedures (e.g., ISMS).
    • Ensure compliance with ISO 27001, Cyber Essentials, GDPR, and other industry standards.
    • Conduct risk assessments, define risk treatment plans, and oversee mitigation measures.
    • Manage internal and external security audits, addressing any corrective actions.
  • Vendor and Third-Party Risk Management
    • Assess vendor security practices and conduct third-party risk evaluations.
    • Ensure vendors comply with contractual security requirements, conducting regular reassessments.
    • Implement automated review processes for vendor risk management.
  • Security Awareness & Training
    • Lead security awareness programs to minimise human risk (e.g., phishing simulations).
    • Provide training on data protection, security best practices, and compliance requirements.
    • Work with HR, IT, and Legal to embed security into business processes.
  • Engagement with Project & Product Managers
    • Perform Threat Modelling to identify attack vectors and risks early in development.
    • Conduct Risk Assessments for products handling PII, financial data, or sensitive business information.
    • Carry out Business Impact Analysis to understand security incident implications.
    • Ensure compliance with industry-specific regulations such as Ofwat, NIS2, and PCI DSS.
    • Review vendor agreements to ensure compliance with contractual obligations.
    • Implement Role-Based Access Control (RBAC) and Multi-Factor Authentication (MFA).
    • Ensure strong encryption for data at rest and in transit.
    • Establish logging & monitoring with SIEM and alerting for unusual activity.
    • Strengthen cloud security for Azure, AWS, or GCP environments, ensuring proper IAM roles and least privilege access.

Information Security Manager Everflow Utilities employer: CyberNorth

Everflow Utilities is an exceptional employer, offering a dynamic work environment where innovation and security are at the forefront of our mission. As an Information Security Manager, you will benefit from a collaborative culture that prioritises professional growth, with opportunities to engage with senior leadership and drive impactful security initiatives. Located in a vibrant area, we provide a supportive atmosphere that fosters continuous improvement and a strong commitment to employee well-being, making it a rewarding place to advance your career in information security.

Contact Detail:

CyberNorth Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Manager Everflow Utilities

✨Tip Number 1

Familiarise yourself with the latest information security frameworks and standards, such as ISO 27001 and Cyber Essentials. This knowledge will not only help you understand the requirements of the role but also demonstrate your commitment to compliance and best practices during discussions.

✨Tip Number 2

Engage with current trends in cybersecurity, particularly around incident response and threat detection. Being able to discuss recent incidents or advancements in technology can showcase your proactive approach and understanding of the evolving security landscape.

✨Tip Number 3

Network with professionals in the field by attending industry conferences or local meetups. Building relationships with others in information security can provide valuable insights and potentially lead to referrals or recommendations for the position.

✨Tip Number 4

Prepare to discuss your experience with stakeholder engagement and how you've successfully implemented security initiatives in previous roles. Highlighting specific examples will illustrate your ability to align security strategies with business objectives, which is crucial for this position.

We think you need these skills to ace Information Security Manager Everflow Utilities

Information Security Management
Risk Management
Incident Response
Threat Detection and Response
Access Control Management
Business Continuity Planning
Disaster Recovery Planning
Security Architecture
Data Protection Controls
Compliance with ISO 27001
GDPR Knowledge
Cyber Essentials Compliance
Vendor Risk Management
Security Awareness Training
Threat Modelling
Risk Assessment
Business Impact Analysis
Role-Based Access Control (RBAC)
Multi-Factor Authentication (MFA)
Cloud Security (Azure, AWS, GCP)
SIEM Monitoring

Some tips for your application 🫡

Tailor Your CV: Make sure your CV highlights relevant experience in information security management. Focus on your achievements in compliance, risk management, and security operations that align with the responsibilities outlined in the job description.

Craft a Compelling Cover Letter: Write a cover letter that specifically addresses how your skills and experiences make you a perfect fit for the Information Security Manager role. Mention your familiarity with ISO 27001, GDPR, and other relevant standards, and how you've successfully implemented security strategies in previous roles.

Showcase Stakeholder Engagement Skills: In your application, emphasise your experience in engaging with senior leadership and cross-functional teams. Provide examples of how you've promoted a strong security culture and driven security initiatives that align with business objectives.

Highlight Incident Management Experience: Detail your experience in leading incident response efforts and developing playbooks. Include specific examples of how you've enhanced threat detection and response capabilities, as well as your approach to managing access control and identity management policies.

How to prepare for a job interview at CyberNorth

✨Understand the Security Landscape

Familiarise yourself with the latest trends and challenges in information security, especially those relevant to utilities. Be prepared to discuss how these issues could impact Everflow and suggest proactive measures.

✨Showcase Your Stakeholder Engagement Skills

Highlight your experience in collaborating with various teams, particularly senior leadership. Prepare examples of how you've successfully communicated security risks and initiatives to non-technical stakeholders.

✨Demonstrate Incident Management Expertise

Be ready to discuss your approach to incident response and recovery. Share specific instances where you led a response effort, detailing the steps taken and the outcomes achieved.

✨Emphasise Compliance Knowledge

Make sure you are well-versed in relevant regulations such as ISO 27001, GDPR, and Cyber Essentials. Be prepared to explain how you have ensured compliance in previous roles and how you would approach it at Everflow.

    Application deadline: 2027-04-20
