Information Security Manager in Edinburgh

We’re looking for an experienced and forward‑thinking Information Security Manager to lead and evolve our company’s information security programme. In this pivotal role, you will be responsible for safeguarding our data, systems and services from ever‑changing cyber threats, ensuring they remain secure, compliant and resilient. You’ll shape and implement our information security strategy, set governance standards, and drive secure‑by‑design principles across the business.

Working closely with colleagues across IT, Change, HR, Procurement, Compliance and more, you’ll balance security, risk, usability and cost to support Business Stream’s strategic goals. From managing system vulnerabilities, incident response and risk assessments, to leading supplier security oversight and championing a strong culture of cyber awareness, you will be our subject‑matter expert and primary point of contact for all cybersecurity matters.

This role also includes responsibility for operational partnerships, such as managed SOC, SIEM and threat‑management services, and ensuring we continue to mature our security posture in line with recognised frameworks like ISO 27001, NIST and CIS Controls. If you’re a strategic thinker with willingness and ability to get hands‑on, this role offers the opportunity to make a meaningful impact across the organisation.

What makes you just right for us?

• Experience in information security, including leading or owning an information security programme, domain or team.
• Strong understanding of industry frameworks and standards such as ISO 27001/2, CIS Controls, NIST CSF/800‑53, and established risk methodologies.
• Hands‑on experience across cloud and modern IT security, particularly Microsoft Azure, M365, Entra, Sentinel, Purview, endpoint security and vulnerability management.
• Proven capability in incident response, from detection through to lessons learned.
• Excellent ability to translate technical risk into clear business impact, coupled with confident stakeholder engagement and executive‑level reporting skills.
• Experience embedding security into change, conducting threat modelling, and steering secure design reviews.
• Solid understanding of regulatory requirements, including GDPR and other relevant industry regulations.
• Strong written and verbal communication skills, demonstrating clarity, influence and collaboration.
• Professional certifications such as CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Auditor, CEH or GIAC.
• Experience managing security certifications, third‑party risk programmes and assurance activities.
• Exposure to SIEM engineering, SOAR, IaC security (Terraform/Bicep), scripting for automation, and security tooling optimisation.
• Knowledge of the water industry or its regulatory landscape.
• Previous management experience - leading a team and/or managing vendors.

What’s in it for you?

• Salary up to £65,000 DOE plus bonus up to 20%
• 31 days annual leave and six bank holidays
• Subsidised staff restaurant and free gym membership
• Salary sacrifice schemes including cycle to work

Why we’re the right fit

We’re passionate about providing a great place to work, where our colleagues feel trusted, valued, supported and empowered, whatever their background or role. And we’re committed to providing an inclusive workplace that welcomes and promotes diversity and provides equal opportunities for everyone. In everything we do, we’re driven to make a positive difference, and always strive to do the right thing by our customers, our people, our local communities and the environment. Life at Business Stream is fast‑paced and exciting, where no two days are the same.

Who we are

Business Stream is one of the largest water retailers in the UK and a trusted service provider to over 300,000 business customers. With over 16 years’ experience of operating in a competitive water market – longer than any other retailer – we’re the chosen service provider for businesses and organisations ranging from small corner shops to large industrial estates. Headquartered in Edinburgh and employing around 350 people, we provide a range of services including metering and billing, water efficiency support and, water and waste water management solutions.

How to make this job all yours

We’re looking to welcome exceptional people into our fantastic, high‑performing team so if you think this job is for you, we’d love to hear from you. To apply, please click the ‘Apply’ button at the bottom of this page, and send us a copy of your CV. The closing date for applications is Friday 20 February at 5pm.

A Disability Confident Committed Employer: If you consider yourself to have a disability, we encourage you to disclose that as part of your application. That means we can provide the necessary support and use your unique talents effectively.