Group Information Security Manager

Group Information Security Manager

Location: Blackfriars, London – hybrid

Salary: £60-65K plus excellent benefits package

Contract: 12-month fixed term contract, with possibility of extension

About the Opportunity

Our client is a UK-based,purpose-led organisation that partners with public, private and third sector bodies to design, test and scale practical innovations that improve outcomes for people and communities.

They are now seeking an experiencedGroup Information Security Manager to join their IT team. This is an elevated Manager-level role, created to support the merger of two existingInformation Security Management Systems into one coherent Group-wide framework.

The Information Security strategy is already in place, so this role is focused onexecution, delivery, stakeholder management and clear communication. It will suit a hands-onplayer-manager who can improve processes, embed controls, coordinate audit readiness and bring people with them across a complex, multi-entity environment.

Key Requirements

You will be an experiencedInformation Security Manager, ISMS Manager, Information Security Lead, Cyber Security Governance Manager or similar, with strong practical experience acrosssecurity governance, risk, compliance, audit readiness and ISMS delivery. You will ideally bring:

• Strong experience managingInformation Security in a complex organisation or group structure
• Excellent knowledge ofISO 27001, ideally including ISO 27001:2022
• Experience withCyber Essentials andCyber Essentials Plus
• Strong understanding ofISMS management, implementation and continuous improvement
• Experience supporting or leadinginternal and external audits
• Ability to manage audit preparation, evidence gathering, remediation and follow-up actions
• Strong knowledge ofinformation security risk management, asset registers, risk logs and treatment plans
• Experience improving practical security processes, controls and reporting
• Working knowledge ofGDPR, the Data Protection Act and wider data protection implications
• Experience withincident management, corrective actions and remediation tracking
• Strong stakeholder management skills, with the ability to influence without direct authority
• Experience working across multiple entities, departments or subsidiaries would be highly valuable
• Prior experience merging or aligningISMS frameworks would be a significant advantage
• Desirable knowledge ofNIST and qualifications such as CISM

You will be a clear communicator, practical problem solver and organised delivery-focused professional who can balance governance requirements with real-world implementation.

Role & Responsibilities

AsGroup Information Security Manager, you will support the continued maturity of Information Security across the organisation and its subsidiaries, with a strong focus on implementation and operational delivery. Your responsibilities will include:

• Supporting the merger of two existingISMS frameworks into one Group-wide model
• Helping to reduce duplication, clarify accountability and improve visibility across entities
• Delivering against the existingInformation Security roadmap
• Embedding Information Security into day-to-day business processes and decision-making
• Translating security requirements into clear, proportionate and usable guidance for staff
• Supporting compliance and audit activity forISO 27001, Cyber Essentials and Cyber Essentials Plus
• Coordinating audit preparation, staff readiness, evidence collection and remediation activity
• Acting as a key point of contact for external auditors and certification bodies
• Preparing and supportingInformation Security Management Reviews
• Supporting the cross-organisationalSecurity Forum and Audit and Risk Committee reporting
• Maintaining Information Security policies, standards, risk logs, asset registers and treatment plans
• Conducting security reviews and assessments across the organisation
• Managing theCorrective Action Plan and improving tracking of risks, incidents and actions
• Supporting third-party and supplier security assessments, including cloud-based services
• Investigating and coordinating responses to Information Security incidents
• Working closely withIT, Technical Architecture, Finance, Legal and business stakeholders
• SupportingBusiness Continuity Planning, Disaster Recovery Planning and resilience testing

Why Join?

This is an excellent opportunity to step into a visibleGroup Information Security Manager role where the focus is on practical delivery, not just policy ownership.

You will play a key part in merging and maturing the organisation’s ISMS framework, improving audit readiness, strengthening controls and helping embed a clear, practical security culture across a purpose-led organisation.

The role offers hybrid working fromBlackfriars, London, flexible working options and the chance to make a meaningful impact across a collaborative, multi-entity environment.