Information Security Manager

Business Stream is looking for an experienced and forward‑thinking Information Security Manager to lead and evolve our company’s information security programme. In this pivotal role, you will be responsible for safeguarding our data, systems and services from ever‑changing cyber threats, ensuring they remain secure, compliant and resilient.

You’ll shape and implement our information security strategy, set governance standards, and drive secure‑by‑design principles across the business. Working closely with colleagues across IT, Change, HR, Procurement, Compliance and more, you’ll balance security, risk, usability and cost to support Business Stream’s strategic goals.

From managing system vulnerabilities, incident response and risk assessments, to leading supplier security oversight and championing a strong culture of cyber awareness, you will be our subject‑matter expert and primary point of contact for all cybersecurity matters.

This role also includes responsibility for operational partnerships, such as managed SOC, SIEM and threat‑management services, and ensuring we continue to mature our security posture in line with recognised frameworks like ISO 27001, NIST and CIS Controls.

If you’re a strategic thinker with willingness and ability to get hands‑on, this role offers the opportunity to make a meaningful impact across the organisation.

What makes you just right for us?

• Experience in information security, including leading or owning an information security programme, domain or team.
• Strong understanding of industry frameworks and standards such as ISO 27001/2, CIS Controls, NIST CSF/800‑53, and established risk methodologies.
• Hands‑on experience across cloud and modern IT security, particularly Microsoft Azure, M365, Entra, Sentinel, Purview, endpoint security and vulnerability management.
• Proven capability in incident response, from detection through to lessons learned.
• Excellent ability to translate technical risk into clear business impact, coupled with confident stakeholder engagement and executive‑level reporting skills.
• Experience embedding security into change, conducting threat modelling, and steering secure design reviews.
• Solid understanding of regulatory requirements, including GDPR and other relevant industry regulations.
• Strong written and verbal communication skills, demonstrating clarity, influence and collaboration.
• Professional certifications such as CISSP, CISM, CCSP, ISO 27001 Lead Implementer/Auditor, CEH or GIAC.
• Experience managing security certifications, third‑party risk programmes and assurance activities.
• Exposure to SIEM engineering, SOAR, IaC security (Terraform/Bicep), scripting for automation, and security tooling optimisation.
• Knowledge of the water industry or its regulatory landscape.
• Previous management experience - leading a team and/or managing vendors.

What’s in it for you?

• Salary up to £65,000 DOE
• 31 days annual leave and six bank holidays
• Subsidised staff restaurant and free gym membership

A Disability Confident Committed Employer

If you consider yourself to have a disability, we encourage you to disclose that as part of your application. That means we can provide the necessary support and use your unique talents effectively.

The closing date for applications is Friday 22nd May at 5pm.

#J-18808-Ljbffr