Information Security Manager

Information Security Manager – London – hybrid – up to £75,000

I’m working with a growing business that’s investing heavily in its security capability and looking to bring in an Information Security Manager to take ownership of the day‑to‑day function.

This role sits beneath a strategic CISO layer, so the focus here is very much operational, hands‑on delivery. You’ll be the bridge between the business and security, translating requirements into practical outcomes and driving real improvement across the environment.

You’ll manage a small team (Engineer + Analyst) and play a key role in maturing security across a business that is still developing its overall capability.

Responsibilities

• Lead and develop a small InfoSec team, acting as the central point for security delivery
• Own day‑to‑day security operations, ensuring work is prioritised based on real risk and business impact
• Act as the link between technical security and the wider business, translating requirements clearly
• Drive improvements across:
• SOC / SIEM capability (currently OpenText)
• Incident response and vulnerability management
• Penetration testing and security assurance
• Cloud security across Microsoft and Google environments
• Support key transformation programmes, particularly across data (data lake, analytics, data science platforms)
• Improve overall cloud security posture, including CSPM and visibility of risks
• Identify and address gaps, particularly across data security and governance
• Work closely with stakeholders to build security awareness and improve overall security culture
• Ensure security is embedded into wider IT and business initiatives rather than operating in isolation

What We’re Looking For

• Proven background in Information / Cyber Security with a hands‑on approach
• Experience across core security operations (SIEM, incident response, vulnerability management, cloud security)
• Comfortable working across both Microsoft and Google cloud environments
• Experience managing or mentoring junior team membersli>
• Able to operate in a fast‑paced, evolving environment with a lot happening at once
• Strong at context switching and managing multiple priorities
• Track record of delivering and closing out security initiatives, not just starting them
• Strong communication skills – able to clearly explain security risks and priorities to non‑technical stakeholders
• Able to link security activity to real business impact, not just technical output
• Background in less regulated environments (e.g. retail, eCommerce, service‑led businesses) is beneficial
• Some exposure to GRC is useful but not essential