Information Security Manager

We are seeking a highly skilled and experiencedInformation Security Managerto join our dynamic information security and data protection team. This role offers a unique opportunity to shape and implement security strategies that safeguard the organisation's information and technology systems.

As theInformation Security Manager, you will be responsible for overseeing the organisation’s information security management system (ISMS). Your primary focus will be on managing the delivery of, and improving, security policies, practices, and standards to protect our company and our clients. You will work closely with other departments to ensure compliance with our ISMS and identify security risks to mitigate potential vulnerabilities.

TheInformation Security Managerwill perform fundamental security and data protection tasks. You will conduct security and data protection assessments, supporting vulnerability management, reviewing security configurations, and contributing to the development of security and data protection policies. The ideal candidate is eager to learn and grow within the information security and data protection fields while contributing to the team’s efforts to protect our organisation's data and IT infrastructure.

This is a full-time position. Occasional after-hours work may be required for incident response or urgent security tasks. 

The successful candidate will be enrolled on a personalised development plan, and will be provided with mentoring support to help you grow and learn.

Responsibilities:

1.       Develop and Implement Security Governance:

• Design, implement, and enforce information security policies and procedures aligned with business objectives and regulatory requirements
• Identify and develop a strategy to mitigate, manage, and monitor security risks and incidents
• Manage security audits and assessments and provide recommendations to improve the security posture of our systems and infrastructure
• Work collaboratively with other departments to ensure the alignment of security efforts with wider business objectives

2.      Risk Management:

• Identify and assess information security risks
• Provide recommendations for mitigating and managing risks effectively
• Security system management, administration and reporting;
• Provide advice an guidance to teams on how to mitigate any identified risks

3.     Vulnerability Management:

• Coordinate security assurance testing and vulnerability management
• Provide advice and guidance to teams on how to mitigate vulnerabilities, and following up on remediation progress
• Work with development teams to embed secure coding practices

4.     Incident Response & Recovery:

• Lead incident response efforts on a duty basis
• Provide guidance on threat mitigation, containment, and recovery processes

5.     Compliance:

• Ensure compliance with relevant regulations (CCPA, GDPR, etc.)
• Manage ITG Group ISO 27001 certification process and ISMS, including all external audits, internal audits, and planning
• Ensure the accurate review of system configurations takes place to ensure alignment with security and data protection best practices
• Ensure the documenting of configuration settings

6.     Staff Training & Awareness:

• Implement and manage an enterprise-wide security awareness training program
• Conduct regular training sessions and awareness programs to educate employees on security risks and best practices

7.      Vendor Management:

• Manage third-party vendor security assessments, ensuring third-party partners comply with security protocols

8.     Reporting & Documentation:

• Maintain accurate records of security incidents, audits, assessments etc. and compile progress reports
• Implement and report on security key performance indicators and outcome driven metrics

9.     Continuous Improvement:

• Continuously assess security infrastructure and recommend improvements to strengthen data protection and cybersecurity
• Keep up to date with the latest security threats, trends, technologies, and regulations in the industry
• Keep the organisation updated on industry best practices

Requirements

• 5+ years of experience in cyber security or a related IT role
• Professional certifications (e.g. CISM, CISSP etc.) or a degree in a related field are preferred, but not essential
• Strong understanding of security concepts, tools, and technologies (e.g., SIEM, firewalls, vulnerability scanners)
• Strong understanding of network security and operating systems
• Commitment to continuous professional development, with a willingness to learn and grow in the cybersecurity field
• Ability to help coach and guide less experienced members of the wider Information Security and Data Protection team
• Ability to work autonomously and manage multiple tasks simultaneously
• Strong analytical, investigative, and problem-solving abilities
• The adaptability to do a range of work, sometimes complex and non-routine, in different environments
• The ability to work under direction, use discretion, and determine when to escalate issues
• Strong written and verbal communication skills, with the ability to interact effectively with both technical and non-technical stakeholders

Benefits

Work’s a treat!

On top of a competitive salary, you can expect a whole load of perks:

• 25 days’ holiday + bank holidays – we understand the importance of you getting some down time.

• Annual Wellbeing Day – enjoy an additional day on us to look after your physical and mental wellbeing.
• Pension Scheme – helping you save towards your retirement home in the sun!
• Corporate Medical Cash Plan – claim back the cost of your medical treatments.
• Smart Working Options – spend up to 40% of your working week from home.
• So many savings – through our online community platform, you can access dozens of daily deals, from money off top brands to discounts on days out.

• Employee Assistance Programme – our people are at the heart of everything we do, so if you’re happy, we’re happy.
• Cycle to Work Scheme – save on the cost of biking to work.
• Monthly Employee Awards - Employee of the Month programme with £250 bonus
• Raising money for charity including a paid Volunteer Day – we’re all about giving back… and having lots of fun in the process!
• Referral scheme – know the perfect person to join the team? You could bag £1,500 for a putting a good word in.

• Wellbeing Programme – giving you the opportunity to join regular, interactive Wellbeing Workshops or join our 30 plus Wellbeing Champions.
• Enhanced Family Friendly Leave – support for you and your family to help you navigate through the craziness of family life.

We Value Diversity

We champion and welcome diversity in our workforce and ensure all job applicants receive equal and fair treatment, regardless of age, race, gender or gender identity, religion, sexual orientation, disability, or nationality.

We are not only committed to increasing the visibility and recognition of talent from under-represented groups within our organisation, but the wider industry too.

At the end of the day, we make sure we take time to look after ourselves, each other, and the planet, because we’re always stronger together.

ITG have a number of community groups (ERGs) available to employees which offer a safe space for like-minded colleagues, with shared interests to connect, socialise and check in with each other. These include Black ITGers Together, LGBTQ+ Together, Mens Health Together, Muslims Together, Neurodiversity Together, Working Parents and Carers Together and Women In Tech Together.

#LI-NW1