Information Security

Nemean is looking for an Information Security Manager to own and manage our internal ISMS, compliance and security program, while also delivering specialist Information Security and Assurance consulting to clients (DPO-as-a-Service and vCISO). The ideal candidate has 5+ years in information/cyber security, including 3+ years leading ISMS/risk/compliance programs and mentoring others, and can demonstrate ownership of an ISO 27001 program with practical exposure to SOC 2 and Cyber Essentials Plus. They are comfortable overseeing SIEM/logging, EDR/XDR, vulnerability scanning, patch governance, IAM, and secure configuration. Cloud experience (AWS/Azure/GCP) and light scripting (e.g., Python) are a plus. They are hands-on with GDPR workflows (DPIAs, DSARs, data mapping/ROPA, breach handling), and are a clear, confident presenter who can translate risk and controls for executives, clients, and engineers, with strong writing skills for policies and board materials. Experience running evidence calendars, runbooks, OKRs/KPIs, and cross-functional steering to drive measurable improvements is expected.

Responsibilities:

  • ISMS ownership (ISO 27001:2022): Maintain scope, SoA, control design/testing, internal audits, management reviews, KPIs, and continual improvement.

  • Risk management: Keep the asset inventory and risk register current; drive risk treatment, exceptions, and change control with clear owners and timelines.

  • Security operations oversight: Govern daily log review for critical systems; run weekly alert/vulnerability triage; coordinate patch cycles; oversee SIEM/EDR/XDR; enforce IAM standards (RBAC, least privilege).

  • Resilience & recovery: Lead annual BCP/DR/IR exercises (tabletops, restore/failover drills), track corrective actions, and prove RTO/RPO alignment.

  • Audits & certifications: Orchestrate ISO 27001 certification/surveillance, SOC 2 readiness/evidence, and Cyber Essentials Plus; manage evidence calendars and auditor interactions.

  • Policies & awareness: Own policy lifecycle; deliver bi-annual awareness; embed security into onboarding/offboarding; run periodic access reviews.

  • Third-party risk: Chair vendor reviews, perform due diligence for new suppliers, and maintain a living vendor risk matrix.

  • People leadership: Coach and develop the Information Security Team; set goals, plan workload, and raise the bar on operational excellence.

  • DPO-as-a-Service: Run DPIAs, maintain/advise on ROPA, oversee DSARs, and act as the liaison for regulator communications when needed.

  • vCISO services: Provide threat-intel updates, board-level briefings, security roadmaps, and control-gap remediation plans for select clients.

  • Client assurance: Complete security questionnaires, policy/evidence reviews, and guide clients through BCP/DR/IR tests and access reviews.

  • Incident support: Be available for on-call advisory during client incidents; coordinate investigation, containment, and lessons learned.

Desirable Certifications

  • ISACA: CISM, CRISC, CISA

  • (ISC)2: CISSP (or CCSP for cloud)

  • IAPP: CIPP/E, CIPM (for DPO duties)

  • ISO 27001: Lead Implementer and/or Lead Auditor

Salary & Benefits:

  • Base salary: £65,000 pa

  • Bonus: Paid in addition to the base salary above.

  • Location: London, flexible working available.

Company
Nemean Services
Location
London, UK
Posted