Information Security Manager in Bristol

TwinStream was formed to consolidate our founders’ collective expertise and experience into one business, providing technical excellence and exceptional service to our clients. We have teams working both on-site with clients and remotely from home.

We’re looking for a hands-on, mid-to-senior information security practitioner who enjoys getting involved in the practical aspects of security. This role focuses on delivery, updating and writing policies, delivering training, and providing clear, pragmatic security advice across TwinStream. You’ll work independently, owning day-to-day information security activities without line management responsibilities. While we may occasionally bring in specialist support, you’ll be trusted to drive the work forward. This role concentrates on governance, risk, and compliance rather than IT operations. You won’t be configuring systems or running security tools—our IT teams handle that—allowing you to focus on enabling secure delivery and building a positive security culture.

Key Responsibilities

• Manage information security incidents and security risks across the organisation
• Own and maintain the Information Security Management System (ISMS), including creating and updating policies, procedures, and guidance
• Ensure adherence to information security policies and standards
• Drive a programme of continuous information security improvement
• Embed and promote a positive security culture across the business
• Ensure compliance with relevant certifications and regulatory requirements, including ISO 27001, Cyber Essentials Plus, UK GDPR/Data Protection Act, and MOD CSM v3 and v4
• Plan and coordinate security audits (internal, external, customer, and penetration testing), managing evidence collection and tracking findings through to resolution
• Provide information security expertise to projects, services, and business initiatives, including developing or contributing to Security Management Plans
• Design and deliver information security training and awareness activities
• Contribute to Business Continuity, Disaster Recovery, and internal audit activities
• Act as the primary point of contact for information security across TwinStream

Key Skills

• Proven experience in an Information Security Manager or similar role, including security incident management, risk management, security governance, and providing practical information security guidance
• Experience embedding information security into the design, development, and delivery of software-based solutions, including secure development practices, cloud services, and integrated platforms
• Strong understanding of recognised information security frameworks and certifications, particularly ISO 27001 and Cyber Essentials Plus
• Good knowledge of relevant UK legislation and regulatory requirements
• Comfortable working remotely (within the UK) in a flexible, fast-paced environment
• Strong organisational skills with the ability to manage priorities effectively
• Excellent written and verbal communication skills, with the ability to tailor messaging for different audiences
• Relevant professional certifications such as CISSP (highly desirable), CISM, or ISO 27001 Lead Implementer/Auditor
• Ability and willingness to undergo UK Security Clearance (minimum SC level)

Desired Skills

• Experience in information security roles within the UK defence sector, national security sector, or other highly regulated industries
• Existing UK Security Clearance (SC)
• Familiarity with MOD security frameworks, including CSM v3 and v4, IPSA, and FSC
• Experience using the Atlassian suite, particularly Jira
• Demonstrated experience in managing security incidents and leading incident response teams
• Ability to present and be the focal point for security matters across the business
• Experience in supporting the security controller role in various security frameworks
• Understanding of insider threat operational and governance requirements, and experience in applying them

Benefits and Perks

• Pension Plan: 8% employer contribution
• Private Medical Healthcare: comprehensive private medical care including dental and optical for you and your family
• Learning and Development: autonomous growth opportunities
• Flexible Working: balanced work-life integration
• Electric Vehicle Scheme: salary sacrifice scheme for an EV lease
• Holidays: 28 days of annual leave plus bank holidays
• Team Events: quarterly meetings plus Christmas and summer parties
• Additional Benefits: life assurance and cycle-to-work scheme

To meet the security requirements of certain clients and industries we serve, any job offer will be contingent upon the successful completion of a security screening process. At TwinStream, we take pride in being an equal opportunity employer. We celebrate diversity and are committed to fostering an inclusive environment where all individuals are valued and respected. We welcome applications from qualified candidates regardless of race, religion, disability, age, sexual orientation, or gender.