Manager, Information Security in London

Responsible for leading and maturing the company's global information security policies and governance framework across warehouse and corporate environments. The role ensures that Neovia maintains a structured, risk-based, and scalable security posture aligned with business objectives, customer expectations, regulatory obligations, and the evolving threat landscape. Maintains awareness of new threats and creates vehicles for quickly addressing day zero risks. Supports global locations, ensuring that information security policies, standards, and control objectives are consistently defined, governed, and aligned with operational reality. Drives the development and maintenance of the Information Security Management System (ISMS), supports certificate initiatives (ISO 27001 etc.), oversees enterprise security risk management, and ensures structured audit readiness across regions by partnering with Neovia's internal GRC and legal teams. Responsible for the security strategy, working with Engineering and leadership to recommend software and solutions to solve complex problems and make Neovia safer. Helps evaluate security capabilities, identify maturity gaps, and provide structured recommendations to IT and executive leadership to ensure ongoing improvement of Neovia's security posture. Owns end-user testing and education. Ensures that technical solutions and products consider data sovereignty, regional legislation, customer contractual obligations, and compliance with security and IT policies and controls.

Job Responsibilities

• Define and maintain the global Information Security roadmap aligned to business objectives and operational realities across core infrastructure locations and 60+ warehouses.
• Establish strategic security control objectives (e.g., least privilege, identity-first security, segmentation, zero trust principles) in line with industry and global standards from NIST, CIS, etc.
• Develop, maintain, and mature the Information Security Management System (ISMS).
• Create and update global security policies, standards, and procedures aligned to ISO 27001 and industry best practices.
• Ensure consistent governance and control ownership across IT and business functions.
• Own and maintain the enterprise Information Security risk register and supporting tools.
• Conduct and facilitate formal risk assessments across global sites and business functions.
• Define and document risk treatment and risk acceptance processes.
• Ensure consideration of regional legislation, data sovereignty, and cross-border data handling requirements in conjunction with legal and DPO.
• Provide structured reporting on risk posture and key risk indicators to IT and senior leadership.
• Lead ISO 27001 readiness and certification initiatives. Coordinate internal and external audits across global operations.
• Maintain control mappings to regulatory, contractual, and customer requirements.
• Oversee remediation tracking and corrective action plans arising from audits or assessments.
• Ensure audit evidence collection processes are structured, repeatable, and consistent across locations.

Qualifications

• Bachelor's in Computer Science; Information Systems or equivalent.
• Minimum 5 years of experience in Information Security, with exposure to Governance, Risk and Compliance (GRC).
• Demonstrated experience building, maintaining, or maturing an Information Security Management System (ISMS).
• Relevant experience supporting or leading ISO 27001 certification or similar regulatory frameworks.
• Experience managing enterprise security risk registers and facilitating formal risk assessments.
• Experience developing and maintaining security policies, standards, and governance documentation.
• Experience evaluating and recommending security technologies aligned to strategic control objectives.
• Experience reviewing third-party/vendor security questionnaires and assessing risk exposure.
• Experience operating within multi-site or global environments.
• Strong written communication skills with ability to produce executive-level documentation and reporting.
• Desired experience within logistics, warehousing, manufacturing, or other distributed operational environments.
• Experience operating across multiple regions with awareness of data sovereignty and regional regulatory requirements.
• Experience building multi-year security roadmaps and maturity models.
• Familiarity with frameworks such as NIST CSF, CIS Controls, or Zero Trust principles.
• Professional certifications such as CISM, CISSP, CRISC, or ISO 27001 Lead Implementer/Auditor.

Skills & Competencies

• This role requires strong strategic ownership, professional maturity, and the ability to influence across a globally distributed organization whilst building close relationships with engineering and other teams.
• Operate independently with minimal supervision.
• Translate complex technical controls into business risk language.
• Define clear control objectives and governance direction.
• Provide structured, data-driven recommendations to leadership.
• Influence engineering and business stakeholders without formal authority.
• Balance security maturity with operational and commercial realities.
• Demonstrate strong organizational and documentation discipline.
• Communicate effectively with senior leadership and cross-functional teams.
• Maintain a pragmatic, risk-based approach within a fast-moving logistics environment.

Additional Notes

• Must have the ability to travel domestically and internationally where required (relevant travel documentation required).
• Flexible working hours may be required to support global operations across multiple time zones.
• May be required to support major security incidents from a governance and risk advisory perspective.
• Role requires the ability to operate effectively across distributed warehouse and corporate environments.

Physical Requirements

• Work is primarily sedentary. Sits comfortably to do the work; however, there may be some walking, standing, bending, or lifting items weighing up to 15 pounds.

Security Awareness & Culture

• Own and evolve the global security awareness program using Caniphish toolset.
• Coordinate phishing simulations and targeted training campaigns.
• Track behavioral risk metrics and engagement trends.
• Drive continuous improvement in security culture across distributed operational environments.
• Be cognizant of new threat landscape and plan to test employees appropriately.