1 to 25 of 38 Information Security Management Jobs in the UK

sustainability agenda, and a continuously developing relationship with I Squared Capital - a global infrastructure investment fund manager - who acquired Arriva in 2024. We are looking for a Head of Information Security Governance, Risk, Compliance (GRC) & Awareness to join our Information Security Team on a full-time, permanent basis, based from either our Doxford office, Sunderland or … Lacon House, London. Reporting to the Group Chief Information Security Officer, the Head of InfoSec GRC & Awareness is responsible for leading the governance, risk, and compliance functions within the Information Security domain. This role ensures that the organisation maintains a robust security posture through the development and enforcement of policies, standards, and awareness initiatives. The … role is pivotal in aligning security practices with business objectives and regulatory requirements. This position oversees the continuous improvement of security policies and standards, including technical standards, ensuring adherence across the enterprise. The role is accountable for measuring cyber maturity and driving compliance with internal and external requirements. It also includes oversight of the development and implementation of More ❯

Job summary We are seeking a highly skilled and motivated Information Security Analyst to join our Digital Data & Technology (DDaT) team. This is a pivotal role supporting the Chief Information Security Officer (CISO) in delivering cyber security services across the Trust and wider health and care system. The role will support the CISO in delivering … digital safety, security and overall improvement, adhering to the Target Operating Model. The Information Security Analyst will manage the delivery of all cyber security related services. This will include cyber risk management, Data Security Protection Toolkit (DSPT) compliance against cyber relatedassertions, policy and procedure lifecycle management, and ensuring theTrust's information compliance … adheres to the Cyber Assurance Framework (CAF) and ISO27001. Main duties of the job Provide expert guidance on the selection, design, justification,implementation and operation of Cyber Security strategies, technologies,processes, procedures and standards. Support the development of controlsand management approaches to maintain the safety, confidentiality,integrity, availability and security of the Trust's digital infrastructure andsystems More ❯

Information Security Manager NCC Location: Bristol based with Hybrid working 2 days on site, 3 days home Salary: £54,102 to £67,056 per annum (experience dependent) Government Security Clearance: You will be required to undertake government security clearance if successful securing this role. Please only apply if willing to undertake clearance process. Closing Date … advert early if required. Summary; NCC is the UKs innovation partner! Were supporting a range of interesting new projects in the defence sector and are hiring for an additional Information Security Manager to join our expanding secure operations team. Your role as Information Security Manager is to ensure the effective protection of secure information and … Youll report into the Head of Secure Operations and work with a wide range of internal stakeholders including secure operations teams, the board members & senior leadership, HR business partners, security & networking managers. External relationship management will also be large part of your role including our defence sector clients and government bodies. What youll be doing; Reviewing new Security More ❯

CISM - Certified Information Security Manager Around the world, demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area. The uniquely management-focused CISM certification ensures holders understand business, and know how to manage and adapt technology to their enterprise … and industry. CISM holders are consistently recognized among the most qualified professionals in the information security and risk management fields. Effective Information Security Managers need to understand more than just Firewalls and Phishing. Having a clear Strategy and Roadmap with strong Governance and Charter is perhaps more important. Learn how to use COBIT methodology and … security architectures like TOGAF and SABSA to build a value focused InfoSec programme with RiskIT and ValIT. Uniquely focused on the management and implementation of successful information security programmes, this event is more like an MBA than MSCE or CCNA! Objective: This workshop fully covers the current ISACA CISM exam syllabus by explaining how to use More ❯

Information Security Technical Assurance Lead - £700 per day - Inside IR35 - Hybrid working from a site in Paddington - 6 months initial contract. Our client, a global supplier to the nuclear energy industry, is seeking a highly skilled Information Security Cyber Assurance Specialist to join their team. This critical role is responsible for ensuring the security and … resilience of their information systems, aligning with industry standards and regulatory requirements. You will provide assurance that their IT and OT environments are secure and compliant, supporting the delivery of business objectives while managing risk. Key Responsibilities - Develop, implement, and maintain information security assurance programs. Ensure compliance with regulatory requirements and standards (e.g., ISO 27000, NIST SP800 … series, CSF). Conduct risk assessments and vulnerability management activities. Maintain robust security controls across enterprise assets, software, networks, and applications. Support incident response and recovery processes, including penetration testing and audit log management. Deliver training and awareness programs to enhance the organizations security posture. Collaborate with internal and external stakeholders to maintain compliance and manage third More ❯

Information Security Technical Assurance Lead - £700 per day - Inside IR35 - Hybrid working from a site in Paddington - 6 months initial contract. Our client, a global supplier to the nuclear energy industry, is seeking a highly skilled Information Security Cyber Assurance Specialist to join their team. This critical role is responsible for ensuring the security and … resilience of their information systems, aligning with industry standards and regulatory requirements. You will provide assurance that their IT and OT environments are secure and compliant, supporting the delivery of business objectives while managing risk. Key Responsibilities - Develop, implement, and maintain information security assurance programs. Ensure compliance with regulatory requirements and standards (e.g., ISO 27000, NIST SP800 … series, CSF). Conduct risk assessments and vulnerability management activities. Maintain robust security controls across enterprise assets, software, networks, and applications. Support incident response and recovery processes, including penetration testing and audit log management. Deliver training and awareness programs to enhance the organizations security posture. Collaborate with internal and external stakeholders to maintain compliance and manage third More ❯

Information Security Analyst | Hybrid | Contract | Northampton My client is looking for an Information Security Analyst/GRC Analyst to be a part of their growing security team. The successful candidate will play a pivotal role in ensuring compliance with data protection regulations, supporting the Information Security Management System ISMS, and maintaining robust … governance, risk, and compliance GRC processes. Key Responsibilities on the Information Security Analyst: Manage and respond to Subject Access Requests SARs in accordance with GDPR timelines and procedures. Oversee Right to Be Forgotten and data deletion requests, ensuring complete and compliant execution. Support the wider GRC and Information Security team in data protection and risk management activities. Help maintain the Information Security Management System ISMS Provide expert advice on GDPR compliance and data subject rights. Provide expert guidance on data classification, retention, and information governance best practices. Information Security Analyst Experience/Technology: Proven experience in GRC and Information security. Extensive expertise of GDPR, SAR, and Right to More ❯

Role: Information Security and Risk Manager Location: Aberford Leeds Contract: Permanent Working: Hybrid 3 days in the office As MICHELIN Connected Fleet, a division of the Michelin Group, leader in sustainable mobility for 130 years, we specialise in connected fleet management services and solutions. We are a market leader with over 30 years expertise in a high … talent of our people. We nurture our team's growth with several company wide development programs - including our Diversity, Mentoring and Sustainability programs. THE ROLE IN SHORT: As the Information Security and Risk Manager, you are the central leader responsible for the company's overall security and compliance posture. You will manage the entire Information Security Management System (ISMS), ensuring the continuous maintenance of the ISO 27001 standard and leading the comprehensive risk management program. Your duties include coordinating internal and external audits, ensuring effective tracking of strategic security objectives and KPIs, and overseeing all security incident response and resolution efforts. WHAT WILL I BE DOING: Lead and manage the end More ❯

Role: Information Security and Risk Manager Location: Aberford Leeds Contract: Permanent Working: Hybrid 3 days in the office As MICHELIN Connected Fleet, a division of the Michelin Group, leader in sustainable mobility for 130 years, we specialise in connected fleet management services and solutions. We are a market leader with over 30 years expertise in a high … talent of our people. We nurture our team's growth with several company wide development programs - including our Diversity, Mentoring and Sustainability programs. THE ROLE IN SHORT: As the Information Security and Risk Manager, you are the central leader responsible for the company's overall security and compliance posture. You will manage the entire Information Security Management System (ISMS), ensuring the continuous maintenance of the ISO 27001 standard and leading the comprehensive risk management program. Your duties include coordinating internal and external audits, ensuring effective tracking of strategic security objectives and KPIs, and overseeing all security incident response and resolution efforts. WHAT WILL I BE DOING: Lead and manage the end More ❯

Information Security Manager - Rail Sector, URGENT HIRE Lawrence Harvey is delighted to be exclusively supporting a leading rail client once again to support with the growth of their exceptional technology team for their Information Security Manager. The Role: Leading management of information security which includes ISO27001, PCI-DSS, and vulnerability management. Working alongside … the DPO and Head of Technology to support on areas of data protection. Lead collaboration with key partners for train onboard systems cyber security assessments and risk management Establish and maintain appropriate policies, procedures, and practices in relations to cyber, data and governance practices Manage the information security incident response program Manage implementation and deployment of … Information Security Management System (ISMS). Line management of the internal InfoSec specialists. Requirements Extensive experience working with PCI-DSS and ISO27001 Strong understanding on security tools such as IDS/IPS. Demonstrable experience of leading Information Security, Governance, Compliance teams. Ideally a form of cybersecurity qualification such as CISM or CISSP Benefits More ❯

Information Security Manager - Rail Sector, URGENT HIRE Lawrence Harvey is delighted to be exclusively supporting a leading rail client once again to support with the growth of their exceptional technology team for their Information Security Manager. The Role: Leading management of information security which includes ISO27001, PCI-DSS, and vulnerability management. Working alongside … the DPO and Head of Technology to support on areas of data protection. Lead collaboration with key partners for train onboard systems cyber security assessments and risk management Establish and maintain appropriate policies, procedures, and practices in relations to cyber, data and governance practices Manage the information security incident response program Manage implementation and deployment of … Information Security Management System (ISMS). Line management of the internal InfoSec specialists. Requirements Extensive experience working with PCI-DSS and ISO27001 Strong understanding on security tools such as IDS/IPS. Demonstrable experience of leading Information Security, Governance, Compliance teams. Ideally a form of cybersecurity qualification such as CISM or CISSP Benefits More ❯

Information Security Manager - Rail Sector, URGENT HIRE Lawrence Harvey is delighted to be exclusively supporting a leading rail client once again to support with the growth of their exceptional technology team for their Information Security Manager. The Role: Leading management of information security which includes ISO27001, PCI-DSS, and vulnerability management. Working alongside … the DPO and Head of Technology to support on areas of data protection. Lead collaboration with key partners for train onboard systems cyber security assessments and risk management Establish and maintain appropriate policies, procedures, and practices in relations to cyber, data and governance practices Manage the information security incident response program Manage implementation and deployment of … Information Security Management System (ISMS). Line management of the internal InfoSec specialists. Requirements Extensive experience working with PCI-DSS and ISO27001 Strong understanding on security tools such as IDS/IPS. Demonstrable experience of leading Information Security, Governance, Compliance teams. Ideally a form of cybersecurity qualification such as CISM or CISSP Benefits More ❯

Information Security Manager - Rail Sector, URGENT HIRE Lawrence Harvey is delighted to be exclusively supporting a leading rail client once again to support with the growth of their exceptional technology team for their Information Security Manager. The Role: Leading management of information security which includes ISO27001, PCI-DSS, and vulnerability management. Working alongside … the DPO and Head of Technology to support on areas of data protection. Lead collaboration with key partners for train onboard systems cyber security assessments and risk management Establish and maintain appropriate policies, procedures, and practices in relations to cyber, data and governance practices Manage the information security incident response program Manage implementation and deployment of … Information Security Management System (ISMS). Line management of the internal InfoSec specialists. Requirements Extensive experience working with PCI-DSS and ISO27001 Strong understanding on security tools such as IDS/IPS. Demonstrable experience of leading Information Security, Governance, Compliance teams. Ideally a form of cybersecurity qualification such as CISM or CISSP Benefits More ❯

Information Security Manager - Rail Sector, URGENT HIRE Lawrence Harvey is delighted to be exclusively supporting a leading rail client once again to support with the growth of their exceptional technology team for their Information Security Manager. The Role: Leading management of information security which includes ISO27001, PCI-DSS, and vulnerability management. Working alongside … the DPO and Head of Technology to support on areas of data protection. Lead collaboration with key partners for train onboard systems cyber security assessments and risk management Establish and maintain appropriate policies, procedures, and practices in relations to cyber, data and governance practices Manage the information security incident response program Manage implementation and deployment of … Information Security Management System (ISMS). Line management of the internal InfoSec specialists. Requirements Extensive experience working with PCI-DSS and ISO27001 Strong understanding on security tools such as IDS/IPS. Demonstrable experience of leading Information Security, Governance, Compliance teams. Ideally a form of cybersecurity qualification such as CISM or CISSP Benefits More ❯

Information Security Analyst Contract Northampton Hybrid My client is looking for an Information Security Analyst/GRC Analyst to be a part of their growing security team. Policy and process is already in place, so you ll play a key role in managing Subject Access Requests (SARs), Right to Be Forgotten (RTBF) requests, and ensuring … the organisation maintains the highest standards of data privacy and governance. Key Responsibilities on the Information Security Analyst: Manage and respond to Subject Access Requests (SARs) in accordance with GDPR timelines and procedures. Oversee Right to Be Forgotten and data deletion requests, ensuring complete and compliant execution. Support the wider GRC and Information Security team in … data protection and risk management activities. Help maintain the Information Security Management System (ISMS). Maintain accurate records of all data protection requests and actions taken. Provide expert advice on GDPR compliance and data subject rights. Liaise with internal teams and stakeholders to ensure consistent adherence to data protection principles. Information Security Analyst Experience More ❯

Information Security Analyst | Contract | Northampton | Hybrid My client is looking for an Information Security Analyst/GRC Analyst to be a part of their growing security team. Policy and process is already in place, so you’ll play a key role in managing Subject Access Requests (SARs), Right to Be Forgotten (RTBF) requests, and ensuring … the organisation maintains the highest standards of data privacy and governance. Key Responsibilities on the Information Security Analyst: Manage and respond to Subject Access Requests (SARs) in accordance with GDPR timelines and procedures. Oversee Right to Be Forgotten and data deletion requests, ensuring complete and compliant execution. Support the wider GRC and Information Security team in … data protection and risk management activities. Help maintain the Information Security Management System (ISMS). Maintain accurate records of all data protection requests and actions taken. Provide expert advice on GDPR compliance and data subject rights. Liaise with internal teams and stakeholders to ensure consistent adherence to data protection principles. Information Security Analyst Experience More ❯

energy and creativity to make a positive difference, then this is the job for you. We have an exciting opportunity for a PCI and Compliance Lead to join our Information Security team for a fixed term of 18 months. The Benefits Salary - up to £64,898 p.a. – depending on skills and experience. Holidays - 25 days holiday plus public … Cycle to Work scheme. Community Day - We offer our people an extra paid day off every year to help local charities and community organisations. The Role Reporting to our Information Security Assurance Manager, you’ll be responsible for oversight, management and continuous compliance of the Payment Card Industry Data Security Standard (PCI DSS) requirements across the … Society within the Information Security Assurance Team. You’ll assist in the oversight and control of all aspects of the Information Security Management System, ensuring controls and assurance audits are in place to prevent/minimise threats such as security breaches, computer viruses or attacks by cyber criminals as well as carrying out audits More ❯

Information Security Analyst Up to £50,000 + benefits Hereford | Hybrid Permanent | Full-time We are looking for an experienced Information Security Analyst to join our client who will play a key role in driving compliance, governance, and continual improvement across key security frameworks including ISO 27001, PCI DSS, and Cyber Essentials Plus. Key Responsibilities … Lead on the operation and continual improvement of the Information Security Management System (ISMS) * Coordinate internal and external audit readiness for ISO 27001, PCI DSS, and Cyber Essentials Plus * Draft and update information security policies, procedures, and technical standards * Work with procurement and commercial teams to support supplier assurance and risk assessment * Contribute to tender … responses and bid processes, ensuring security and compliance requirements are met * Promote good security practices and raise awareness across departments * Act as an escalation point and day-to-day contact for other team members * Stay up to date with changes in legislation and standards relating to information and cyber security Key Skills & Experience: Essential: * Background in More ❯

ISO27001, IT Risk, IT Compliance, IT Controls, IT Audit, Policy. Governance, Security, Surrey area Your new company A specialist organisation in the Health/Medical sector offers hybrid working in this role based in North Surrey area. Your new role You will be working in the Risk team and will design, implement & maintain the Information Security Management … plans to address these risks, including the compilation of business continuity plans (BCP). You will work closely with colleagues in IT to enhance the technology & control frameworks regarding information security compliance & cyber threat security. Risk & Compliance You will lead the development, implementation, and continuous improvement of our Information Security Management System (ISMS) in line … with ISO 27001 and other regulatory standards. Assessing security posture, identifying vulnerabilities, and developing mitigation strategies to manage enterprise-wide information security risks. Maintaining and enhancing the organisation's risk register and heat map, ensuring risks are scored, tracked, and treated effectively. Overseeing the implementation and management of systems, including firewalls, encryption, and data protection controls. More ❯

wellness and employee assistance programmes, gymflex, travel and dental insurance Work. Life. Smarter. Our commitment to a flexible and hybrid working culture Role Purpose Design and implement changes to information security governance & risk management, to ensure that the organisation's security posture is robust, compliant, and adaptable to emerging threats while aligning with strategic business goals. … by identifying and recommending changes to Infosec policies, processes, control frameworks Ensure that we are consistently compliant with customer, regulatory, and shareholder obligations. Implement and continuously improve a risk management process across the organisation. Maintain and assess the effectiveness of the security controls catalogue; recommend improvements. Own the Information Security Management System (ISMS) to ensure … compliance with internal and external requirements. Provide assurance that security controls are operating effectively and aligned with defined frameworks. Maintain company risk portfolio and actively review and risk finding Conduct internal assessments against regulatory and customer obligations, compliance assessments, and gap analyses. Develop and implement governance frameworks aligned with business and regulatory requirements. Skills Cyber Risk Oversight - Strategic understanding More ❯

London - UK/IT/Navro - Pioneering the Future of Payments Architecting Trust: Information Security Manager This isn't just another Information Security role. No legacy systems. No corporate red tape. No coasting. This is about building something from the ground up. Fast. You won't have layers of approval slowing you down. You will have … decisions from day one. This isn't a passenger role. We're bringing you in for your expertise and your relentless drive. You will be responsible for understanding our information assets, identifying emerging threats, and implementing robust security measures that protect Navro and our clients. Who We Are We are transforming payments for global platforms and e-commerce … is inconsistent, you dive in, solve, and fix it. You're Hands On - One hour you're leading on an external audit, the next assessing a critical vendor's security posture, the next you're deep in the vulnerability rating details with DevOps. You Thrive in Chaos - Startups are messy. Deadlines change, priorities shift, and ambiguity is constant. You More ❯

Location: London/Greater London/Home-based with regular travel Reports To: Certification Manager/Head of Audit and Compliance Department: Information Security Certification About Us We are a UKAS-accredited certification body delivering independent audit and certification services across multiple management system standards, including ISO 9001, ISO 14001, and ISO 27001. Our goal is to … compliance, strengthen governance, and continuously improve. Were seeking a qualified ISO 27001 Lead Auditor based in or around London to join our expanding audit team. Youll lead and conduct Information Security Management System (ISMS) audits in line with ISO/IEC 27001:2022 , ISO 17021 , and UKAS requirements. Key Responsibilities Plan, conduct, and report Stage 1, Stage … Ensure impartiality, confidentiality, and compliance with UKAS , ISO 17021-1 , and ISO 19011 principles. Support technical reviews, certification decisions, and internal auditor development. Maintain up-to-date knowledge of information security, data protection, and cyber-risk frameworks. Essential Qualifications and Experience Successfully completed an ISO/IEC 27001:2022 Lead Auditor course (IRCA-approved or equivalent). At More ❯

An opportunity has arisen to join an expanding BS&I Cyber Security team in the Procurement & Supply Chain domain and will act as the Cyber Security Officer and respond to the needs of MBDA UK, MBDA Group and Customer requirements. Salary : Circa £45,000 - £50,000 depending on experience Dynamic (hybrid) working : 2 days per week on-site … due to workload classification Security Clearance : British Citizen or a Dual UK national with British citizenship. Restrictions and/or limitations relating to nationality and/or rights to work may apply. As a minimum and after offer stage, all successful candidates will need to undergo HMG Basic Personnel Security Standard checks (BPSS), which are managed by the … MBDA Personnel Security Team. What we can offer you: Company bonus : Up to £2,500 (based on company performance and will vary year to year) Pension : maximum total (employer and employee) contribution of up to 14% Overtime: opportunity for paid overtime Flexi Leave: Up to 15 additional days Flexible working: We welcome applicants who are looking for flexible working More ❯

re passionate about driving change and making an impact, we want to hear from you! Apply now and be part of something extraordinary. You'll be joining the Cyber Security and Compliance Team, reporting to the Cyber Security and Resilience Manager, and be responsible for proactively monitoring and protecting the ICT Infrastructure from Cyber threats, ensuring the resilience … your influencing and communication skills to ensure that the ICT Service is brought along, and bought into, the change journey Main duties of the job Provision of a virtual Security Operations Centre function, including monitoring and reviewing the Security Information & Event Management system and other controls. Proactive analysis and identification of suspicious/malicious activity. Evaluation … of data for patterns and trends in incidents, ensuring corrective and preventative actions. Support the Cyber Security Awareness Programme, addressing Information Security Management System, Cyber Essentials, and NIS-R requirements. Maintain up-to-date knowledge of cyber threats and apply this through threat hunting. Assist in developing and delivering monitoring systems to measure compliance with standards. More ❯

About SPS: Special Projects and Services Limited (SPS) is a UK-based security and risk management company founded in 1991. Operating globally, SPS provides crisis response, risk assessment, medical operations support, and project management in high-risk or complex environments. Known for its expertise in global assistance and specialist security operations, SPS was acquired by Concentric … in 2025, strengthening its position as a trusted provider of integrated risk and crisis management solutions. Overview: You will support the delivery of IT services across the UK business, assisting with technical support, device management, and ongoing tech ops projects. This role provides structured, hands-on training in IT systems administration, cyber security, and compliance, contributing to … access permissions, and documenting asset inventory. Support the purchase, setup, and installation of IT equipment as required. Maintain an accurate inventory of all technology assets, ensuring updates to asset management systems. Assist in developing, documenting, and managing processes for supporting the IT environment holistically, including but not limited to: workstation deployment, system access management, software patching/upgrades More ❯