Information Security ManagerDepartment:
TechnologyLocation:
Central London (Regent’s Place, NW1) – Hybrid (4 days in office)Reports To:
Head of Information SecurityType of Contract:
Permanent
ResponsibilitiesGovernance:
Develop and maintain information security policies, standards, and procedures.
Ensure alignment of security policies with business objectives and regulatory requirements.
Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures.
Complete security assessments for third‑party suppliers, assets (buildings/retail) and projects to ensure adherence to cybersecurity policies and standards.
Deliver and maintain the supplier risk assessment process.
Risk Management:
Identify and assess information security risks across the organisation and maintain the risk register.
Develop and implement risk mitigation strategies and action plans.
Conduct regular risk assessments and audits to ensure compliance with security policies and standards.
Monitor and report on the status of risk management activities.
Compliance:
Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001).
Coordinate and support internal and external audits and assessments.
Develop and deliver security awareness and training programmes to employees.
Maintain documentation and evidence of compliance activities.
Advocacy:
Articulate the need for information security and compliance.
Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives.
Deliver infosec controls that are effectively designed and implemented.
Identify security gaps and work with stakeholders to define remediation actions.
Collaboration:
Provide guidance and support to business units on security‑related matters.
Oversee security awareness training, including course management, rollout, and phishing tests.
Manage the information security steering‑committee meeting – take minutes, organise meetings and actions.
Support technology projects with security analysis of proposed solutions and highlight risks.
Liaise with stakeholders on cyber‑security issues and provide future recommendations.
Research and generate reports for technical and non‑technical staff.
Give advice and guidance to staff on information security related issues.
Define and monitor security policies and best‑practice standards.
Technical Engagement & Supplier Oversight:
Maintain a working understanding of the organisation’s security technology stack (e.g., SIEM, email security, DLP, endpoint, identity, vulnerability management) sufficient to engage credibly with the wider infosec team.
Critically review and challenge supplier technical proposals, architectures and security testing reports (e.g., SOC 2, penetration test reports).
Provide informed input into security testing scope (e.g., penetration testing, configuration reviews) and review remediation activity with suppliers.
Support incident response and operational infosec activities as required, acting as an all‑round contributor in a small team.
AI Governance:
Maintain awareness of AI developments relevant to information security, including risks and opportunities.
Support the application of the organisation’s AI governance framework, including risk review of AI use cases.
Identify and pilot opportunities to leverage AI capability within the infosec function to improve productivity, coverage, and effectiveness.
About You
Strong written and oral communication skills.
Passionate about information security and proactive in recommending improvements.
Enthusiastic, supportive team player.
Strong Microsoft Office skills.
Self‑motivated problem solver.
Strong time management and organisational skills.
Pragmatic – balance security and productivity.
Understanding of information security risk management concepts.
Experience working collaboratively within an IT department.
Technically curious – comfortable engaging with the wider infosec team on operational and technical topics.
Genuine interest in AI and its application to information security.
Comfortable with breadth over depth – able to operate across multiple disciplines in a small team.
Required Skills
Demonstrable experience in an information security role with significant exposure to GRC.
Working knowledge of broader cyber security disciplines (e.g., supplier assurance, security testing, incident response, security operations).
Experience with ISO 27001 ISMS implementation and management, and certification process.
Strong Microsoft 365 skills, including familiarity with enterprise security tooling.
Experience with risk management.
Experience with third‑party risk management software (e.g., Surecloud, OneTrust).
Working understanding of common cyber security domains (e.g., network security, endpoint protection, identity and access management, vulnerability management, security testing).
Preferred Skills
ISO 27001 or NIST framework experience.
ISO 27005 risk management experience.
Experience with Surecloud/GRP alternatives.
Exposure to AI governance frameworks (e.g., NIST AI RMF) or developing AI use‑case risk assessments.
Exposure to property technology is an advantage.
Experience reviewing penetration test reports, SOC 2 reports, or supplier security architectures.
Experience with security tooling such as SIEM, email security platforms or vulnerability scanning.
Hands‑on experience supporting incident response and security operations activities.
Experience taking detailed minutes during senior or executive level meetings.
Desirable Accreditations
ISO 27001 lead auditor/implementer certification.
ISO 27005 risk management certification.
CySIP, CISM or equivalent.
CompTIA Security+ or equivalent foundational technical certification.
#J-18808-Ljbffr…
