Information Security Manager
Department: TechnologyLocation: Central London (Regent’s Place, NW1) – Hybrid (4 days in office)Reports To: Head of Information SecurityType of Contract: Permanent
Responsibilities
Governance:
- Develop and maintain information security policies, standards, and procedures.
- Ensure alignment of security policies with business objectives and regulatory requirements.
- Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures.
- Complete security assessments for third‑party suppliers, assets (buildings/retail) and projects to ensure adherence to cybersecurity policies and standards.
- Deliver and maintain the supplier risk assessment process.
Risk Management:
- Identify and assess information security risks across the organisation and maintain the risk register.
- Develop and implement risk mitigation strategies and action plans.
- Conduct regular risk assessments and audits to ensure compliance with security policies and standards.
- Monitor and report on the status of risk management activities.
Compliance:
- Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001).
- Coordinate and support internal and external audits and assessments.
- Develop and deliver security awareness and training programmes to employees.
- Maintain documentation and evidence of compliance activities.
Advocacy:
- Articulate the need for information security and compliance.
- Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives.
- Deliver infosec controls that are effectively designed and implemented.
- Identify security gaps and work with stakeholders to define remediation actions.
Collaboration:
- Provide guidance and support to business units on security‑related matters.
- Oversee security awareness training, including course management, rollout, and phishing tests.
- Manage the information security steering‑committee meeting – take minutes, organise meetings and actions.
- Support technology projects with security analysis of proposed solutions and highlight risks.
- Liaise with stakeholders on cyber‑security issues and provide future recommendations.
- Research and generate reports for technical and non‑technical staff.
- Give advice and guidance to staff on information security related issues.
- Define and monitor security policies and best‑practice standards.
Technical Engagement & Supplier Oversight:
- Maintain a working understanding of the organisation’s security technology stack (e.g., SIEM, email security, DLP, endpoint, identity, vulnerability management) sufficient to engage credibly with the wider infosec team.
- Critically review and challenge supplier technical proposals, architectures and security testing reports (e.g., SOC 2, penetration test reports).
- Provide informed input into security testing scope (e.g., penetration testing, configuration reviews) and review remediation activity with suppliers.
- Support incident response and operational infosec activities as required, acting as an all‑round contributor in a small team.
AI Governance:
- Maintain awareness of AI developments relevant to information security, including risks and opportunities.
- Support the application of the organisation’s AI governance framework, including risk review of AI use cases.
- Identify and pilot opportunities to leverage AI capability within the infosec function to improve productivity, coverage, and effectiveness.
About You
- Strong written and oral communication skills.
- Passionate about information security and proactive in recommending improvements.
- Enthusiastic, supportive team player.
- Strong Microsoft Office skills.
- Self‑motivated problem solver.
- Strong time management and organisational skills.
- Pragmatic – balance security and productivity.
- Understanding of information security risk management concepts.
- Experience working collaboratively within an IT department.
- Technically curious – comfortable engaging with the wider infosec team on operational and technical topics.
- Genuine interest in AI and its application to information security.
- Comfortable with breadth over depth – able to operate across multiple disciplines in a small team.
Required Skills
- Demonstrable experience in an information security role with significant exposure to GRC.
- Working knowledge of broader cyber security disciplines (e.g., supplier assurance, security testing, incident response, security operations).
- Experience with ISO 27001 ISMS implementation and management, and certification process.
- Strong Microsoft 365 skills, including familiarity with enterprise security tooling.
- Experience with risk management.
- Experience with third‑party risk management software (e.g., Surecloud, OneTrust).
- Working understanding of common cyber security domains (e.g., network security, endpoint protection, identity and access management, vulnerability management, security testing).
Preferred Skills
- ISO 27001 or NIST framework experience.
- ISO 27005 risk management experience.
- Experience with Surecloud/GRP alternatives.
- Exposure to AI governance frameworks (e.g., NIST AI RMF) or developing AI use‑case risk assessments.
- Exposure to property technology is an advantage.
- Experience reviewing penetration test reports, SOC 2 reports, or supplier security architectures.
- Experience with security tooling such as SIEM, email security platforms or vulnerability scanning.
- Hands‑on experience supporting incident response and security operations activities.
- Experience taking detailed minutes during senior or executive level meetings.
Desirable Accreditations
- ISO 27001 lead auditor/implementer certification.
- ISO 27005 risk management certification.
- CySIP, CISM or equivalent.
- CompTIA Security+ or equivalent foundational technical certification.
#J-18808-Ljbffr…
