Information Security Manager

Full-Time 55000 - 65000 € / year (est.) Home office (partial)
Experis UK

At a Glance

  • Tasks: Lead our information security governance and ensure ISO 27001 accreditation.
  • Company: Dynamic organisation in Manchester with a focus on data protection.
  • Benefits: Hybrid work model, competitive salary, and opportunities for professional growth.
  • Other info: Join a collaborative team dedicated to enhancing security culture and practices.
  • Why this job: Make a real impact on data security and compliance in a high-stakes environment.
  • Qualifications: Experience in information security governance and strong stakeholder management skills.

The predicted salary is between 55000 and 65000 € per year.

We are seeking an experienced Data Protection & Information Security Manager to take ownership of our organisation’s information security governance and ISO 27001 accreditation. This is a high-impact role focused on ensuring the organisation maintains strong security standards, remains compliant with regulatory requirements, and continuously improves its security posture. The successful candidate will act as the central point of accountability for ISO 27001 management, policy governance, and information security oversight.

Key Responsibilities

  • ISO 27001 Ownership (Core Requirement)
    • Take full ownership of the ISO 27001 accreditation, including ongoing maintenance and governance of the ISMS.
    • Lead annual certification and renewal processes.
    • Coordinate and facilitate quarterly review meetings.
    • Ensure all controls are implemented, maintained, and continuously improved.
    • Act as the primary point of contact for internal and external auditors.
  • Security Governance & Policy Management
    • Develop, review, and maintain information security policies, standards, and procedures.
    • Ensure policies are clearly communicated across the organisation and embedded into business processes.
    • Drive initiatives to strengthen security awareness and culture across teams.
    • Support internal stakeholders in aligning to governance frameworks and security best practices.
  • Risk & Compliance Management
    • Identify, assess, and manage information security risks across the organisation.
    • Ensure compliance with regulatory and industry standards.
    • Lead and manage responses to security incidents, audit findings, and compliance gaps.
    • Collaborate with technical teams to ensure effective remediation and risk mitigation.
  • Stakeholder Engagement
    • Act as a key interface between IT, Security, Compliance, and business teams.
    • Lead governance forums and working groups to drive alignment and accountability.
    • Provide clear reporting and updates to senior stakeholders on risk, compliance, and security posture.
  • Data Protection (Secondary Focus)
    • Maintain a strong understanding of GDPR and data protection principles.
    • Support data protection initiatives and ensure alignment with information security policies.
    • Work with relevant stakeholders to ensure proper handling of personal data.

Required Experience

  • Strong background in information security governance, policy creation, and compliance frameworks.
  • Experience managing audits, certification processes, and regulatory requirements.
  • Ability to lead review forums, risk discussions, and stakeholder engagement sessions.
  • Experience handling security incidents, audit findings, and remediation activities.
  • Strong understanding of GDPR and data protection practices.
  • Background in cyber security operations, vulnerability management, or security engineering.
  • Experience delivering security awareness or culture programmes.
  • Familiarity with frameworks such as NIST, CIS, or similar standards.
  • Experience working in large, complex or regulated environments.

Key Skills & Attributes

  • Strong stakeholder management and communication skills.
  • Ability to translate technical risk into business context.
  • Highly organised with strong attention to detail.
  • Proactive and confident in leading governance and compliance processes.
  • Ability to operate effectively in auditable, high-scrutiny environments.
  • Collaborative mindset with the ability to drive change across teams.

Screening & Vetting

All candidates will be required to pass enhanced Level 2 MOJ vetting, including employment and address history checks, financial and social media background checks, and criminal record screening. Pre-screening questions will be required prior to submission.

Information Security Manager employer: Experis UK

As an employer, we pride ourselves on fostering a dynamic and inclusive work culture in Manchester, where our Information Security Manager will play a pivotal role in shaping our security governance and compliance landscape. We offer competitive benefits, including flexible hybrid working arrangements, continuous professional development opportunities, and a commitment to employee well-being, ensuring that our team members thrive both personally and professionally. Join us to be part of a forward-thinking organisation that values innovation and collaboration, making a meaningful impact in the field of information security.

Contact Detail:

Experis UK Recruiting Team

StudySmarter Expert Advice 🤫

We think this is how you could land Information Security Manager

Tip Number 1

Network like a pro! Reach out to your connections in the information security field, attend industry events, and join relevant online forums. The more people you know, the better your chances of hearing about job openings before they’re even advertised.

Tip Number 2

Prepare for interviews by brushing up on your knowledge of ISO 27001 and data protection principles. We recommend practising common interview questions and scenarios related to security governance and compliance. Show them you’re not just a candidate, but the right fit for their team!

Tip Number 3

Don’t underestimate the power of follow-ups! After an interview, send a quick thank-you email to express your appreciation and reiterate your interest in the role. It keeps you fresh in their minds and shows your enthusiasm for the position.

Tip Number 4

Apply directly through our website! It’s the best way to ensure your application gets seen by the right people. Plus, it shows you’re genuinely interested in joining our team and makes it easier for us to keep track of your application.

We think you need these skills to ace Information Security Manager

ISO 27001 Management
Information Security Governance
Policy Creation
Risk Assessment
Compliance Management
Stakeholder Engagement
GDPR Knowledge

Some tips for your application 🫡

Tailor Your CV: Make sure your CV is tailored to the Information Security Manager role. Highlight your experience with ISO 27001, security governance, and compliance frameworks. We want to see how your background aligns with our needs!

Craft a Compelling Cover Letter: Your cover letter is your chance to shine! Use it to explain why you're passionate about information security and how you can contribute to our team. Be sure to mention any relevant projects or achievements that showcase your skills.

Showcase Your Stakeholder Engagement Skills: In your application, emphasise your ability to engage with various stakeholders. We value strong communication skills, so share examples of how you've successfully collaborated with teams in the past.

Apply Through Our Website: We encourage you to apply directly through our website for the best chance of success. It’s the easiest way for us to review your application and get back to you quickly!

How to prepare for a job interview at Experis UK

Know Your ISO 27001 Inside Out

Make sure you’re well-versed in ISO 27001 standards and how they apply to the role. Be ready to discuss your experience with accreditation processes and how you've maintained ISMS in previous positions. This will show that you’re not just familiar with the framework, but that you can take ownership of it.

Showcase Your Stakeholder Engagement Skills

Prepare examples of how you've successfully engaged with various stakeholders in past roles. Highlight your ability to communicate complex security concepts in a way that resonates with non-technical teams. This is crucial for the role, so be ready to demonstrate your collaborative mindset.

Be Ready for Risk Management Scenarios

Think of specific instances where you identified and managed information security risks. Be prepared to discuss your approach to compliance and how you’ve handled security incidents or audit findings. This will illustrate your proactive nature and attention to detail.

Understand GDPR and Data Protection Principles

Brush up on GDPR regulations and how they intersect with information security policies. Be ready to discuss how you’ve supported data protection initiatives in the past. This knowledge will be key in showing that you can align security practices with legal requirements.