Information Security Manager

Company: British Land
Apply for the Information Security Manager
Location: London
Job Description:

Information Security Manager

Department: TechnologyLocation: Central London (Regent’s Place, NW1) – Hybrid (4 days in office)Reports To: Head of Information SecurityType of Contract: Permanent

Responsibilities

Governance:

  • Develop and maintain information security policies, standards, and procedures.
  • Ensure alignment of security policies with business objectives and regulatory requirements.
  • Monitor compliance with policies and conduct regular reviews and updates of security policies and procedures.
  • Complete security assessments for third‑party suppliers, assets (buildings/retail) and projects to ensure adherence to cybersecurity policies and standards.
  • Deliver and maintain the supplier risk assessment process.

Risk Management:

  • Identify and assess information security risks across the organisation and maintain the risk register.
  • Develop and implement risk mitigation strategies and action plans.
  • Conduct regular risk assessments and audits to ensure compliance with security policies and standards.
  • Monitor and report on the status of risk management activities.

Compliance:

  • Ensure compliance with relevant laws, regulations, and industry standards (e.g., GDPR, ISO 27001).
  • Coordinate and support internal and external audits and assessments.
  • Develop and deliver security awareness and training programmes to employees.
  • Maintain documentation and evidence of compliance activities.

Advocacy:

  • Articulate the need for information security and compliance.
  • Build strong stakeholder relationships across the business to enable effective communication and delivery of infosec objectives.
  • Deliver infosec controls that are effectively designed and implemented.
  • Identify security gaps and work with stakeholders to define remediation actions.

Collaboration:

  • Provide guidance and support to business units on security‑related matters.
  • Oversee security awareness training, including course management, rollout, and phishing tests.
  • Manage the information security steering‑committee meeting – take minutes, organise meetings and actions.
  • Support technology projects with security analysis of proposed solutions and highlight risks.
  • Liaise with stakeholders on cyber‑security issues and provide future recommendations.
  • Research and generate reports for technical and non‑technical staff.
  • Give advice and guidance to staff on information security related issues.
  • Define and monitor security policies and best‑practice standards.

Technical Engagement & Supplier Oversight:

  • Maintain a working understanding of the organisation’s security technology stack (e.g., SIEM, email security, DLP, endpoint, identity, vulnerability management) sufficient to engage credibly with the wider infosec team.
  • Critically review and challenge supplier technical proposals, architectures and security testing reports (e.g., SOC 2, penetration test reports).
  • Provide informed input into security testing scope (e.g., penetration testing, configuration reviews) and review remediation activity with suppliers.
  • Support incident response and operational infosec activities as required, acting as an all‑round contributor in a small team.

AI Governance:

  • Maintain awareness of AI developments relevant to information security, including risks and opportunities.
  • Support the application of the organisation’s AI governance framework, including risk review of AI use cases.
  • Identify and pilot opportunities to leverage AI capability within the infosec function to improve productivity, coverage, and effectiveness.

About You

  • Strong written and oral communication skills.
  • Passionate about information security and proactive in recommending improvements.
  • Enthusiastic, supportive team player.
  • Strong Microsoft Office skills.
  • Self‑motivated problem solver.
  • Strong time management and organisational skills.
  • Pragmatic – balance security and productivity.
  • Understanding of information security risk management concepts.
  • Experience working collaboratively within an IT department.
  • Technically curious – comfortable engaging with the wider infosec team on operational and technical topics.
  • Genuine interest in AI and its application to information security.
  • Comfortable with breadth over depth – able to operate across multiple disciplines in a small team.

Required Skills

  • Demonstrable experience in an information security role with significant exposure to GRC.
  • Working knowledge of broader cyber security disciplines (e.g., supplier assurance, security testing, incident response, security operations).
  • Experience with ISO 27001 ISMS implementation and management, and certification process.
  • Strong Microsoft 365 skills, including familiarity with enterprise security tooling.
  • Experience with risk management.
  • Experience with third‑party risk management software (e.g., Surecloud, OneTrust).
  • Working understanding of common cyber security domains (e.g., network security, endpoint protection, identity and access management, vulnerability management, security testing).

Preferred Skills

  • ISO 27001 or NIST framework experience.
  • ISO 27005 risk management experience.
  • Experience with Surecloud/GRP alternatives.
  • Exposure to AI governance frameworks (e.g., NIST AI RMF) or developing AI use‑case risk assessments.
  • Exposure to property technology is an advantage.
  • Experience reviewing penetration test reports, SOC 2 reports, or supplier security architectures.
  • Experience with security tooling such as SIEM, email security platforms or vulnerability scanning.
  • Hands‑on experience supporting incident response and security operations activities.
  • Experience taking detailed minutes during senior or executive level meetings.

Desirable Accreditations

  • ISO 27001 lead auditor/implementer certification.
  • ISO 27005 risk management certification.
  • CySIP, CISM or equivalent.
  • CompTIA Security+ or equivalent foundational technical certification.

#J-18808-Ljbffr…

Posted: July 14th, 2026