Group Information Security Manager in London

Location: Blackfriars, London – hybrid

Salary: £60-65K plus excellent benefits package

Contract: 12-month fixed term contract, with possibility of extension

About the Opportunity

Our client is a UK-based, purpose-led organisation that partners with public, private and third sector bodies to design, test and scale practical innovations that improve outcomes for people and communities. They are now seeking an experienced Group Information Security Manager to join their IT team. This is an elevated Manager-level role, created to support the merger of two existing Information Security Management Systems into one coherent Group-wide framework. The Information Security strategy is already in place, so this role is focused on execution, delivery, stakeholder management and clear communication. It will suit a hands-on player-manager who can improve processes, embed controls, coordinate audit readiness and bring people with them across a complex, multi-entity environment.

Key Requirements

• You will be an experienced Information Security Manager, ISMS Manager, Information Security Lead, Cyber Security Governance Manager or similar, with strong practical experience across security governance, risk, compliance, audit readiness and ISMS delivery.
• Strong experience managing Information Security in a complex organisation or group structure.
• Excellent knowledge of ISO 27001, ideally including ISO 27001:2022 with the ability to engage the business on ISO 27001, bringing them along the journey and embedding it into daily work.
• Experience with Cyber Essentials and Cyber Essentials Plus.
• Strong understanding of ISMS management, implementation and continuous improvement.
• Experience supporting or leading internal and external audits.
• Ability to manage audit preparation, evidence gathering, remediation and follow-up actions.
• Strong knowledge of information security risk management, asset registers, risk logs and treatment plans.
• Experience improving practical security processes, controls and reporting.
• Working knowledge of GDPR, the Data Protection Act and wider data protection implications.
• Experience with incident management, corrective actions and remediation tracking.
• Strong stakeholder management skills, with the ability to influence without direct authority.
• Experience working across multiple entities, departments or subsidiaries would be highly valuable.
• Prior experience merging or aligning ISMS frameworks would be a significant advantage.
• Desirable knowledge of NIST and qualifications such as CISM.

You will be a clear communicator, practical problem solver and organised delivery-focused professional who can balance governance requirements with real-world implementation.

Role & Responsibilities

• As Group Information Security Manager, you will support the continued maturity of Information Security across the organisation and its subsidiaries, with a strong focus on implementation and operational delivery.
• Supporting the merger of two existing ISMS frameworks into one Group-wide model.
• Helping to reduce duplication, clarify accountability and improve visibility across entities.
• Delivering against the existing Information Security roadmap.
• Embedding Information Security into day-to-day business processes and decision-making.
• Translating security requirements into clear, proportionate and usable guidance for staff.
• Supporting compliance and audit activity for ISO 27001, Cyber Essentials and Cyber Essentials Plus.
• Coordinating audit preparation, staff readiness, evidence collection and remediation activity.
• Acting as a key point of contact for external auditors and certification bodies.
• Preparing and supporting Information Security Management Reviews.
• Supporting the cross-organisational Security Forum and Audit and Risk Committee reporting.
• Maintaining Information Security policies, standards, risk logs, asset registers and treatment plans.
• Conducting security reviews and assessments across the organisation.
• Managing the Corrective Action Plan and improving tracking of risks, incidents and actions.
• Supporting third-party and supplier security assessments, including cloud-based services.
• Investigating and coordinating responses to Information Security incidents.
• Working closely with IT, Technical Architecture, Finance, Legal and business stakeholders.
• Supporting Business Continuity Planning, Disaster Recovery Planning and resilience testing.

Why Join?

This is an excellent opportunity to step into a visible Group Information Security Manager role where the focus is on practical delivery, not just policy ownership. You will play a key part in merging and maturing the organisation’s ISMS framework, improving audit readiness, strengthening controls and helping embed a clear, practical security culture across a purpose-led organisation. The role offers hybrid working from Blackfriars, London, flexible working options and the chance to make a meaningful impact across a collaborative, multi-entity environment.