Information Security Manager

Information Security Manager (GRC)

£75,000 | Central London | Hybrid, 4 days in office | Permanent

I'm supporting a growing FTSE-listed business that is looking to hire an Information Security Manager to play a central role in protecting its information assets across both business and property technology.

This would suit someone who enjoys operating with breadth over depth: an all-rounder who is happy moving between governance, risk and compliance work and broader cyber security topics within a small, high-impact team.

The role

Reporting to the Head of Information Security, you will lead the development, implementation and management of the information security governance, risk and compliance programme, ensuring alignment with regulatory requirements and industry standards such as ISO 27001 and NIST. You will also engage credibly with the wider infosec team, challenge supplier technical proposals, and contribute to operational security activities where required.

Key responsibilities include:

  • Developing and maintaining information security policies, standards and procedures, and monitoring compliance
  • Completing security assessments for third party suppliers, assets and projects, and maintaining the supplier risk assessment process
  • Identifying and assessing information security risks, maintaining the risk register, and implementing risk mitigation strategies
  • Ensuring compliance with relevant laws and standards (e.g. GDPR, ISO 27001) and supporting internal and external audits
  • Building strong stakeholder relationships across the business and articulating the need for information security to technical and non-technical stakeholders
  • Delivering security awareness and training, including phishing tests, remediation training and course rollout
  • Managing the information security steering committee, including secretariat duties, minutes and actions
  • Developing a working understanding of the security technology stack (SIEM, email security, DLP, endpoint, identity, vulnerability management) sufficient to engage credibly with the team
  • Critically reviewing supplier technical proposals, architectures and security testing reports (e.g. SOC 2, penetration test reports)
  • Supporting incident response and operational infosec activities as required
  • Maintaining awareness of AI developments relevant to information security, supporting the AI governance framework, and identifying opportunities to leverage AI within the infosec function

What they are looking for

Required:

  • Demonstrable experience in an information security role with significant GRC exposure, alongside working knowledge of broader cyber security disciplines
  • Experience of ISO 27001 ISMS implementation and management, and the certification process
  • Strong Microsoft 365 skills, including familiarity with enterprise security tooling
  • Risk management experience
  • Experience with third party risk management software (such as SureCloud, OneTrust or similar)
  • Working understanding of common cyber security domains: network security, endpoint protection, identity and access management, vulnerability management and security testing

Preferred:

  • ISO 27001 or NIST framework experience, and ISO 27005 risk management
  • Exposure to AI governance frameworks (e.g. NIST AI RMF) or developing AI use-case risk assessments
  • Exposure to property technology
  • Experience reviewing penetration test reports, SOC 2 reports or supplier security architectures
  • Hands-on experience supporting incident response or security operations

Desirable accreditations: ISO 27001 Lead Auditor / Implementer, ISO 27005, CISSP, CISM or equivalent, and CompTIA Security+ or an equivalent foundational technical certification.

The ideal candidate will have the technical curiosity to engage the wider infosec team on operational topics, a genuine interest in AI and its application to security, and a pragmatic mindset that recognises the balance between security and productivity.

Package

  • Salary: £75,000
  • Hybrid working, 4 days in the office (Central London)
  • Full benefits package

This would suit someone who wants to make a big impact in a small team, act as a trusted advisor across the business, and deliver real value by translating technical detail for senior, non-technical stakeholders.

Please message me directly if you would like to discuss the role, or feel free to share with someone in your network.

Job Details

Company
LT Harper Recruitment Group
Location
City of London, London, United Kingdom
Hybrid / Remote Options
Posted