IT Security Manager

IT Security Manager

We are looking for an experiencedIT Security Manager to lead and strengthen the organisation’s information security capability. This is a key role responsible for protecting systems, data, infrastructure, and users against evolving cyber threats while ensuring security controls remain practical, effective, and aligned with business needs.

You will oversee security operations, risk management, governance, incident response, and security awareness activities. Working closely with IT, senior stakeholders, third-party suppliers, and wider business teams, you will help maintain a secure technology environment and support ongoing compliance with relevant security standards and best practices.

Key Responsibilities

• You will lead the development, implementation, and maintenance of information security policies, procedures, and controls across the organisation.
• You will manage security risks, vulnerabilities, audits, and assessments, ensuring appropriate remediation plans are in place and tracked through to completion.
• You will oversee incident response processes, investigating security events and coordinating effective responses to minimise business impact.
• You will work with internal teams and external suppliers to ensure infrastructure, applications, cloud services, and networks are designed and operated securely.
• You will support compliance with relevant frameworks and standards such as ISO 27001, Cyber Essentials, NIST, GDPR, or similar.
• You will promote a positive security culture through user awareness, training, guidance, and stakeholder engagement.
• You will provide reporting and recommendations to senior leadership on security risks, trends, controls, and improvement plans.

Skills and Experience

• The ideal candidate will have strong experience in IT security, cyber security, information security, or security operations within a business environment.
• You should have a good understanding of security governance, risk management, vulnerability management, incident response, access control, network security, endpoint security, and cloud security.
• Experience working with security frameworks such as ISO 27001, NIST, Cyber Essentials, CIS Controls, or similar would be highly beneficial.
• You will be confident engaging with technical and non-technical stakeholders, translating security risks into clear business language.
• Relevant certifications such as CISSP, CISM, CISA, ISO 27001 Lead Implementer, CompTIA Security+, or similar would be advantageous.

Candidate Profile

This role would suit a proactive and pragmatic security professional who can balance risk, compliance, and operational delivery. You will be comfortable taking ownership, influencing stakeholders, and improving security maturity across a growing or complex environment.