Information Security Manager

Information Security Manager

Location: Central Bristol
Job Type: Full-time, Hybrid (2 days per week in-office)
Salary: £60,000 - £70,000 + Benefits

We are recruiting an Information Security Manager to lead the operational and strategic security programme for a respected organisation headquartered in central Bristol. This hybrid role offers the opportunity to shape the company's approach to information risk and resilience, while managing a skilled internal team and driving alignment with industry standards and best practice.

Reporting to the Head of Security & Governance, the successful candidate will play a central role in delivering risk reduction across the business. You'll be responsible for maintaining ISO27001 compliance, overseeing risk assessment and mitigation, and supporting incident management across multi-entity operations.

Key Accountabilities:

Lead and manage a team of three security professionals, supporting their development and day-to-day delivery.
Ensure ongoing ISO27001 accreditation and alignment with broader assurance frameworks (e.g. NIST CSF, Cyber Essentials).
Shape and implement the company's information security strategy, including policy, tooling, and training.
Conduct risk assessments, oversee remediation plans, and guide secure-by-design approaches across projects.
Provide technical leadership in areas including threat intelligence, compliance reporting, and incident response.
Support regulatory and internal audits, contributing clear documentation and continuous improvement.
Collaborate with internal teams and external partners, including service providers and the organisation's parent company.

Required Skills & Qualifications:

Demonstrable experience in information security leadership, including line management or team leadership.
In-depth knowledge of ISO27001, GDPR, FCA SYSC, PCI DSS and other regulatory/compliance frameworks.
Hands-on experience with security technologies: SIEM, IAM, vulnerability assessment, endpoint protection, cloud services (AWS, SaaS, IaaS).
Strong communication skills and stakeholder management abilities.
Experience in incident response and enterprise risk reporting.
Professional certifications such as CISSP or ISO27001 Lead Implementer/Auditor (desirable).

Benefits:

Hybrid working (2 days per week in-office)
Generous annual leave & pension contributions
Life assurance and private health options
Training budget and career development support
Collaborative, supportive team cultureIf you're ready to lead a team, shape an enterprise-wide security programme, and work at the heart of a well-established organisation, we'd love to hear from you.

Apply today - successful applicants will be contacted within 24-48 working hours