Information Security Manager

Data Protection & Information Security Manager

Location: Manchester (Hybrid)

Role Type: Permanent

Role Overview

We are seeking an experienced Data Protection & Information Security Manager to take ownership of our organisation’s information security governance and ISO 27001 accreditation.

This is a high‐impact role focused on ensuring the organisation maintains strong security standards, remains compliant with regulatory requirements, and continuously improves its security posture. The successful candidate will act as the central point of accountability for ISO 27001 management, policy governance, and information security oversight.

Key Responsibilities

ISO 27001 Ownership (Core Requirement)

  • Take full ownership of the ISO 27001 accreditation, including:
      • Ongoing maintenance and governance of the ISMS
      • Leading annual certification and renewal processes
      • Coordinating and facilitating quarterly review meetings
  • Ensure all controls are implemented, maintained, and continuously improved
  • Act as the primary point of contact for internal and external auditors

Security Governance & Policy Management

  • Develop, review, and maintain information security policies, standards, and procedures
  • Ensure policies are clearly communicated across the organisation and embedded into business processes
  • Drive initiatives to strengthen security awareness and culture across teams
  • Support internal stakeholders in aligning to governance frameworks and security best practices

Risk & Compliance Management

  • Identify, assess, and manage information security risks across the organisation
  • Ensure compliance with regulatory and industry standards
  • Lead and manage responses to security incidents, audit findings, and compliance gaps
  • Collaborate with technical teams to ensure effective remediation and risk mitigation

Stakeholder Engagement

  • Act as a key interface between IT, Security, Compliance, and business teams
  • Lead governance forums and working groups to drive alignment and accountability
  • Provide clear reporting and updates to senior stakeholders on risk, compliance, and security posture

Data Protection (Secondary Focus)

  • Maintain a strong understanding of GDPR and data protection principles
  • Support data protection initiatives and ensure alignment with information security policies
  • Work with relevant stakeholders to ensure proper handling of personal data

Required Experience

  • Proven experience owning and managing ISO 27001 accreditation end‐to‐end (non‐negotiable)
  • Strong background in information security governance, policy creation, and compliance frameworks
  • Experience managing audits, certification processes, and regulatory requirements
  • Ability to lead review forums, risk discussions, and stakeholder engagement sessions
  • Experience handling security incidents, audit findings, and remediation activities
  • Strong understanding of GDPR and data protection practices

Desirable Experience

  • Background in cyber security operations, vulnerability management, or security engineering
  • Experience delivering security awareness or culture programmes
  • Familiarity with frameworks such as NIST, CIS, or similar standards
  • Experience working in large, complex or regulated environments

Key Skills & Attributes

  • Strong stakeholder management and communication skills
  • Ability to translate technical risk into business context
  • Highly organised with strong attention to detail
  • Proactive and confident in leading governance and compliance processes
  • Ability to operate effectively in auditable, high‐scrutiny environments
  • Collaborative mindset with the ability to drive change across teams

Screening & Vetting

All candidates will be required to pass enhanced Level 2 MOJ vetting, including:

  • Employment and address history checks
  • Financial and social media background checks
  • Criminal record screening

Pre‐screening questions will be required prior to submission.

Job Details

Company: Experis UK

Location: Greater Manchester, England, United Kingdom