Information Security Manager

Information Security Manager (GRC Focus)

We’re partnering with a large, multi-site organisation looking to bring in an experienced Information Security Manager to take ownership of their GRC function.

This is a hands-on, high-impact role where you’ll shape security strategy, drive compliance, and embed a strong security culture across the business.

What you’ll be doing:

• Owning and evolving the information security strategy, policies, and ISMS (ISO 27001 aligned)
• Leading governance, risk, and compliance activity across the organisation
• Acting as the go-to for data protection across UK and EU regulations (GDPR, NIS, etc.)
• Managing security risk assessments, DPIAs, and maintaining the risk register
• Overseeing vulnerability management, pen testing, and remediation efforts
• Leading incident response and supporting major incident management when needed
• Driving audit readiness across frameworks like ISO 27001, NIST, PCI DSS
• Managing third-party/vendor risk and security due diligence
• Delivering security awareness programmes and influencing stakeholders at all levels

What they’re looking for:

• Proven experience in a GRC-focused cyber security role
• Strong understanding of risk, compliance frameworks, and security principles
• Ability to translate technical risk into clear business impact
• Hands-on experience with vulnerability management and security assessments
• Good knowledge of network security and modern security tooling
• Strong grasp of UK/EU data protection regulations
• Experience working with ISO 27001 and similar frameworks

Nice to have:

• Certifications like CISSP, CISM, ISO 27001, or similar
• Exposure to cloud environments (Azure/AWS) and security tooling
• Experience working in complex, multi-site environments

Why this role?

You’ll be stepping into a role with real ownership, visibility, and influence. It’s an opportunity to shape security maturity in a business where cyber is taken seriously and continues to grow in importance.

…