Primary Purpose of Role
As our Information Security Manager, you’ll own the information security function. You will be the first point of contact for everything from ISMS governance to platform security. You’ll run and evolve an established ISO 27001:2022-aligned programme with real scope to shape it, working directly with our CTO, VP of Engineering and commercial leadership. It’s a hands-on role for someone ready to step up and build their reputation as a security leader.
Core Accountabilities
- Own and improve the ISMS and Risk Management Framework, including governance meetings, annual audits and policy/process documentation
- Lead reviews of security policies and procedures, adapting them to business needs and generating new policies where required
- Deliver and promote relevant security awareness training and security programs (e.g. phishing simulations)
- Own responses to client and prospect RFIs, RFPs and security questionnaires
- Partner with the Technology team to strengthen our SaaS platform’s security posture, including secure development practices (e.g. OWASP), infrastructure security and data protection, and help developers understand their security responsibilities
- Support the CTO and VP of Engineering in defining and maintaining technical security standards
- Build scalable, proactive security processes, making use of tools and AI where appropriate
Experience
- 5+ years' experience in Information Security, Governance, Risk Management and/or Compliance roles in a technology / financial services setting
- Demonstrable experience managing an ISMS in an ISO 27001:2022 aligned environment, including external audits and auditors
- Managing budgets and suppliers
- Exposure to securing SaaS or cloud-hosted platforms, including secure development practices (e.g. OWASP), infrastructure security and data protection
- Experience responding to client security questionnaires, RFIs and RFPs, ideally using automation or managed tooling
Skills
- Detailed knowledge of the ISO 27001:2022 standard
- Understanding of application and cloud security fundamentals (e.g. OWASP Top 10, secure SDLC) and the ability to translate these for development teams
- Excellent administrative skills, including document management, audit management, reporting and presenting (Jira and Confluence beneficial)
- Communication skills supporting diverse audiences from external parties to internal technical stakeholders
- Process improvement and automation – comfortable using tools and AI to scale security operations
- Commercial awareness
Education / Professional Qualifications
Relevant professional certifications are desirable but not required (e.g. ISO 27001:2022 Lead Implementer / Lead Auditor, CISSP, CISM, CCSP or cloud security certifications)