Information Security Manager

Information Security Manager

Full-Time 75000 - 75000 £ / year (est.) No working from home possible
L

At a Glance

  • Tasks: Lead the development and management of information security governance, risk, and compliance programmes.
  • Company: Growing FTSE-listed business in Central London with a hybrid work culture.
  • Benefits: Competitive salary of £75,000 and full benefits package.
  • Other info: Opportunity to engage with AI developments and enhance your career in a dynamic environment.
  • Why this job: Make a big impact in a small team while advising on crucial security matters.
  • Qualifications: Experience in information security with GRC exposure and knowledge of ISO 27001.

The predicted salary is between 75000 - 75000 £ per year.

I'm supporting a growing FTSE-listed business that is looking to hire an Information Security Manager to play a central role in protecting its information assets across both business and property technology. This would suit someone who enjoys operating with breadth over depth: an all-rounder who is happy moving between governance, risk and compliance work and broader cyber security topics within a small, high-impact team.

The role involves leading the development, implementation and management of the information security governance, risk and compliance programme, ensuring alignment with regulatory requirements and industry standards such as ISO 27001 and NIST. You will also engage credibly with the wider infosec team, challenge supplier technical proposals, and contribute to operational security activities where required.

Key responsibilities include:

  • Developing and maintaining information security policies, standards and procedures, and monitoring compliance
  • Completing security assessments for third party suppliers, assets and projects, and maintaining the supplier risk assessment process
  • Identifying and assessing information security risks, maintaining the risk register, and implementing risk mitigation strategies
  • Ensuring compliance with relevant laws and standards (e.g. GDPR, ISO 27001) and supporting internal and external audits
  • Building strong stakeholder relationships across the business and articulating the need for information security to technical and non-technical stakeholders
  • Delivering security awareness and training, including phishing tests, remediation training and course rollout
  • Managing the information security steering committee, including secretariat duties, minutes and actions
  • Developing a working understanding of the security technology stack (SIEM, email security, DLP, endpoint, identity, vulnerability management) sufficient to engage credibly with the team
  • Critically reviewing supplier technical proposals, architectures and security testing reports (e.g. SOC 2, penetration test reports)
  • Supporting incident response and operational infosec activities as required
  • Maintaining awareness of AI developments relevant to information security, supporting the AI governance framework, and identifying opportunities to leverage AI within the infosec function

What they are looking for:

Required:

  • Demonstrable experience in an information security role with significant GRC exposure, alongside working knowledge of broader cyber security disciplines
  • Experience of ISO 27001 ISMS implementation and management, and the certification process
  • Strong Microsoft 365 skills, including familiarity with enterprise security tooling
  • Risk management experience
  • Experience with third party risk management software (such as SureCloud, OneTrust or similar)
  • Working understanding of common cyber security domains: network security, endpoint protection, identity and access management, vulnerability management and security testing

Preferred:

  • ISO 27001 or NIST framework experience, and ISO 27005 risk management
  • Exposure to AI governance frameworks (e.g. NIST AI RMF) or developing AI use-case risk assessments
  • Exposure to property technology
  • Experience reviewing penetration test reports, SOC 2 reports or supplier security architectures
  • Hands-on experience supporting incident response or security operations

Desirable accreditations:

  • ISO 27001 Lead Auditor / Implementer, ISO 27005, CISSP, CISM or equivalent, and CompTIA Security+ or an equivalent foundational technical certification.

The ideal candidate will have the technical curiosity to engage the wider infosec team on operational topics, a genuine interest in AI and its application to security, and a pragmatic mindset that recognises the balance between security and productivity.

Package:

  • Salary: £75,000
  • Hybrid working, 4 days in the office (Central London)
  • Full benefits package

This would suit someone who wants to make a big impact in a small team, act as a trusted advisor across the business, and deliver real value by translating technical detail for senior, non-technical stakeholders.

Please message me directly if you would like to discuss the role, or feel free to share with someone in your network.

L

Contact Details:

LT Harper Recruitment Group Recruitment Team

We think you need these skills to ace Information Security Manager

Information Security Governance
Risk Management
Compliance Management
ISO 27001 Implementation
NIST Framework Knowledge
Microsoft 365 Security Tools
Third Party Risk Management