Information Security Manager (Perm - Hybrid) (Manchester)

We are seeking an Information Security Manager for a global retail organisation based near Manchester or the Midlands (hybrid position) on a permanent basis.

This is a hands-on security management role responsible for overseeing governance, risk, compliance, and security operations across global regions. The role focuses on embedding robust security frameworks, maintaining compliance, and supporting effective operational security across the business.

Key Responsibilities

1. Security Governance & Compliance

  • Develop and implement information security policies, standards, and procedures across global operations.
  • Ensure compliance with recognised frameworks such as ISO 27001, NIST, and others as required.
  • Lead annual security audits and maintain continuous compliance across regional entities.

2. Enterprise Risk Management & Supply Chain Security

  • Maintain and improve the global information security risk management framework.
  • Conduct regular security risk assessments and support mitigation planning.
  • Manage supply chain security, including vendor risk assessments and responses to customer due diligence.

3. Incident Response Policy & Preparedness

  • Develop and maintain cybersecurity incident response policies and playbooks.
  • Work with regional IT teams to ensure incident response processes are well understood and consistently applied.
  • Promote awareness and preparedness through guidance and documentation.

4. Security Operations & Third-Party Oversight

  • Collaborate with the Security Operations Centre (SOC) to enhance operational security practices.
  • Manage relationships with third-party security providers, ensuring coverage of regional threats and vulnerabilities.
  • Oversee third-party risk management, including onboarding and ongoing assessments.

5. Stakeholder Engagement & Support

  • Build strong relationships with internal stakeholders across global IT and business functions.
  • Align security practices with operational needs and provide support to regional teams as required.

Experience & Qualifications

  • 5+ years of experience in cybersecurity, IT governance, or risk management roles.
  • Solid understanding of compliance standards such as ISO 27001, NIST, and related frameworks.
  • Proven experience in developing and maintaining security policies, audit readiness, and risk frameworks.
  • Familiarity with global operational environments and cross-regional collaboration.
  • Experience of managing within less regulated industries and small cyber functions.
  • Strong communication and documentation skills to support policy rollout and stakeholder engagement.

Please contact me for details and a further discussion.

Thanks

Company
CODA Technology Services
Location
Manchester, UK
Hybrid / WFH Options
Posted