Information Security Manager

Role Overview

We’re looking for an Information Security Manager to take ownership of information security across the business. You’ll be the go‑to authority on cybersecurity — managing security tooling, driving compliance programmes, leading risk assessments and communicating security posture to senior leadership.

We’ve built strong foundations and we need someone to own this domain full‑time: to keep raising the bar, strengthen what’s in place and embed security into the way the whole organisation works. This is a hands‑on role in a fast‑growing e‑commerce business where security is treated as a priority, not an afterthought.

What You’ll Do

Security Operations & Tooling

• Own and continuously strengthen our cloud security posture across AWS as our primary platform, with oversight of our Azure and GCP environments.
• Manage and optimise our WAF, bot management and DDoS protection to keep our platform secure and performant.
• Drive vulnerability management across cloud infrastructure and application code, ensuring timely prioritisation and resolution.
• Lead incident response — coordinate detection, investigation, containment and post‑incident reviews.
• Maintain and evolve security monitoring, alerting and operational runbooks to ensure consistent coverage.

Governance, Compliance & Policy

• Own and evolve the company’s information security policy framework, ensuring policies remain current, practical and enforced.
• Drive UK GDPR, DPA 2018 and PCI‑DSS compliance in partnership with the Technology Director and development team.
• Lead the security dimension of vendor and third‑party risk assessments.
• Deliver clear, confident security reporting to senior leadership and due diligence audiences.

Risk Management & Security Culture

• Maintain and develop the technology risk register, running regular risk assessments aligned to business continuity planning.
• Champion security awareness across the business through training programmes, phishing simulations and practical guidance.
• Evaluate the security implications of new tools, integrations and emerging technologies including AI‑assisted development.
• Contribute to architecture and design reviews, ensuring security is built in from the start.

Required

What We’re Looking For

• Experience in an information security role (Security Manager, Security Analyst, GRC lead or similar), ideally within a technology or e‑commerce environment.
• Working knowledge of AWS security services such as Security Hub, GuardDuty, IAM, CloudTrail and KMS. AWS is our primary cloud provider and hands‑on familiarity is important.
• Practical understanding of UK GDPR, DPA 2018 and PCI‑DSS compliance requirements.
• Experience building or maturing security governance — policies, risk registers, incident response procedures.
• Ability to communicate security risk and posture clearly to both technical teams and senior leadership.
• Hands‑on comfort with security tooling, log analysis and vulnerability triage — this isn’t a role where you only write documents.

Nice to Have

• Relevant certifications such as CompTIA Security+, CISM, AWS Security Specialty or ISO 27001 Lead Implementer.
• Experience with WAF and bot management in a production e‑commerce context.
• Familiarity with SIEM, SOAR or security automation tooling.
• Exposure to ISO 27001 implementation or SOC 2 readiness programmes.
• Experience with multi‑cloud security across Azure and GCP.
• Background in e‑commerce, retail or DTC brands.

What Success Looks Like

• Taken full ownership of our security tooling and established a clear, measurable improvement plan.
• Built a structured vulnerability management lifecycle with defined SLAs and visible progress.
• Strengthened our policy framework and set direction toward a recognised maturity framework.
• Delivered security reporting that gives senior leadership a clear and confident view of our posture.
• Launched a security awareness programme with measurable engagement across the business.
• Built strong working relationships across the technology team and the wider business.

Behaviours & Traits

• Commercially wired – you think in LTV, contribution margin, and payback periods, not just campaign metrics.
• Ownership mindset – you don’t wait to be told; you identify the gap and go close it.
• Comfortable with ambiguity – the playbook doesn’t fully exist yet; you’ll write it.
• Bias for testing – you run experiments, read the data, and act on it quickly.
• Customer‑obsessed without being soft – you understand what makes Protein Works’ community tick and you use that commercially.

#J-18808-Ljbffr…