Information Security Manager in Farnham

Location: Farnham, Surrey (cross site working)

Salary: £55,000 per annum

Hours: 37 hours per week

Phyllis Tuckwell are based in Farnham, Camberley and Guildford and provide bespoke, compassionate palliative and end‑of‑life care for people living with an advanced or terminal illness, across West Surrey and North‑East Hampshire. We are soon opening a new hospice building, creating a modern environment designed around patients, families, and staff. Alongside this, we are investing in our digital capability to better support care, improve efficiency, and strengthen how we work as an organisation.

Job Summary

We are seeking an Information Security Manager to shape how our information security is built into a new environment from the outset, rather than retrofitted later. This exciting, new role will take the next step in managing and developing a more structured, consistent, and visible approach, seeking to embed good practice and build confidence. This is not a purely technical or policy focused role. It will be responsible for ensuring our systems and information are safe, resilient, and used responsibly, helping our teams make secure choices in their day‑to‑day work, and educating staff to understand what this means in practice. The role will play an integral role in ensuring everything we do, and deliver, is secure by default and will ensure a practical, solutions focused approach to risk, helping teams move forward with confidence, building a positive security culture across the organisation.

Responsibilities

• Leading our approach to cyber security, risk management, and incident response
• Developing and improving our information security management system, aligned to standards such as Cyber Essentials Plus and NHS DSPT
• Identifying and managing risks across systems, processes, and suppliers
• Supporting teams to understand and apply good security practice in real‑world situations
• Leading response to any cyber or data‑related incidents, ensuring an appropriate and prompt response with a learning mindset
• Working with senior colleagues, including the SIRO and Caldicott Guardian, to provide assurance and oversight
• Building awareness and confidence across the organisation through training and engagement
• Ensuring security is built into new systems, projects, and supplier relationships from the outset
• Develop and deliver engaging information security training and awareness campaigns
• Promote a positive, non‑blame culture where people feel confident to report incidents or concerns
• Provide practical advice that helps teams make secure choices in day‑to‑day work
• Act as a visible and approachable subject matter expert across the organisation

Candidate

Candidates should possess a balanced skillset across technical cyber security and governance, risk, and compliance (GRC) combined with the ability to translate this into clear, organisation‑wide governance and assurance. They will be comfortable with detail, whilst also providing proportionate, practical oversight at an organisational level.

• Strong technical grounding in cyber security including networks, endpoints, identity, vulnerabilities, and incident response
• Experience in applying that knowledge to real world risk management, not just theoretical controls
• Good understanding of governance, assurance, and security frameworks such as Cyber Essentials Plus, ISO 27001, and NHS DSPT
• Ability to move comfortably between technical detail and clear, plain‑English communication for non‑technical audiences
• Experience in providing assurance to senior stakeholders such as risk reporting, audit, or governance forums
• An enabling, solutions‑focused approach with the ability to balance risk, with the need to get things done
• Strong focus on behaviour and culture, not just controls and policy
• Able to challenge constructively while helping teams find workable solutions
• Comfortable influencing across teams and building trusted relationships

Relevant qualifications or certifications such as CISSP, CISM, or Security+ are helpful. While a hospice background is not required, applicants should understand the importance of working in a people‑focused, regulated environment.

Benefits

• Six weeks paid holiday plus public holidays
• Phyllis Tuckwell Group Personal Pension Plan (matched contributions up to 7.5%)
• Health Cash Plan Scheme
• Employee Assistance Programme
• Staff Benefit Scheme
• Blue Light Discount Card

Excellent Career Development

• Leadership Development
• Skill Development, Project‑Based Learning and Diverse training courses
• Apprenticeships
• Coaching
• Cross Departmental Projects

A Great Place to Work

• Equal Opportunities employer
• Flexible working
• Supportive colleagues
• 97% of our staff are proud to work for Phyllis Tuckwell

We are committed to creating a diverse and inclusive culture, with the principles of fairness and equality at its core. We warmly welcome applications from all sections of the community. All appointments are made following a fair and equitable process, based on merit, job requirements and business need.

Closing date for receipt of applications: 10th May 2026. Interviews to be held week commencing 1st June 2026. We reserve the right to close the role ahead of the closing date should sufficient applications be received. Your early response is therefore encouraged.

Please note that we do not hold a sponsor licence and therefore are unable to provide sponsorship. This post is subject to a standard Disclosure and Barring Service check.

For further information regarding the role or to arrange an informal visit please contact Graham Mayers, Director of IT, Estates and Digital Transformation on graham.mayers@pth.org.uk or phone 01252 729408. If you have any questions about the recruitment process, contact HR on 01252 729408 or email recruitment@pth.org.uk.