Information Security Manager
We're looking for an Information Security Manager to take ownership of information security across the business. You'll be the go-to authority on cybersecurity: managing security tooling, driving compliance programmes, leading risk assessments and communicating security posture to senior leadership.
We've built strong foundations and we need someone to own this domain full-time: to keep raising the bar, strengthen what's in place and embed security into the way the whole organisation works. This is a hands-on role in a fast-growing e-commerce business where security is treated as a priority, not an afterthought.
What You'll Do
Security Operations & Tooling
- Own and continuously strengthen our cloud security posture across AWS as our primary platform, with oversight of our Azure and GCP environments.
- Manage and optimise our WAF, bot management and DDoS protection to keep our platform secure and performant.
- Drive vulnerability management across cloud infrastructure and application code, ensuring timely prioritisation and resolution.
- Lead incident response: coordinate detection, investigation, containment and post-incident reviews.
- Maintain and evolve security monitoring, alerting and operational runbooks to ensure consistent coverage.
Governance, Compliance & Policy
- Own and evolve the company's information security policy framework, ensuring policies remain current, practical and enforced.
- Drive UK GDPR, DPA 2018 and PCI-DSS compliance in partnership with the Technology Director and development team.
- Lead the security dimension of vendor and third-party risk assessments.
- Deliver clear, confident security reporting to senior leadership and due diligence audiences.
Risk Management & Security Culture
- Maintain and develop the technology risk register, running regular risk assessments aligned to business continuity planning.
- Champion security awareness across the business through training programmes, phishing simulations and practical guidance.
- Evaluate the security implications of new tools, integrations and emerging technologies including AI-assisted development.
- Contribute to architecture and design reviews, ensuring security is built in from the start.
Required
- Experience in an information security role (Security Manager, Security Analyst, GRC lead or similar), ideally within a technology or e-commerce environment.
- Working knowledge of AWS security services such as Security Hub, GuardDuty, IAM, CloudTrail and KMS. AWS is our primary cloud provider and hands-on familiarity is important.
- Practical understanding of UK GDPR, DPA 2018 and PCI-DSS compliance requirements.
- Experience building or maturing security governance policies, risk registers, incident response procedures.
- Ability to communicate security risk and posture clearly to both technical teams and senior leadership.
- Hands-on comfort with security tooling, log analysis and vulnerability triage: this isn't a role where you only write documents.
- Relevant certifications such as CompTIA Security+, CISM, AWS Security Specialty or ISO 27001 Lead Implementer.
- Experience with WAF and bot management in a production e-commerce context.
- Familiarity with SIEM, SOAR or security automation tooling.
- Exposure to ISO 27001 implementation or SOC 2 readiness programmes.
- Experience with multi-cloud security across Azure and GCP.
- Background in e-commerce, retail or DTC brands.
In your first six months you'll have:
- Taken full ownership of our security tooling and established a clear, measurable improvement plan.
- Built a structured vulnerability management lifecycle with defined SLAs and visible progress.
- Strengthened our policy framework and set direction toward a recognised maturity framework.
- Delivered security reporting that gives senior leadership a clear and confident view of our posture.
- Launched a security awareness programme with measurable engagement across the business.
- Built strong working relationships across the technology team and the wider business.
- Commercially wired - you think in LTV, contribution margin, and payback periods, not just campaign metrics
- Ownership mindset - you don't wait to be told; you identify the gap and go close it
- Comfortable with ambiguity - the playbook doesn't fully exist yet; you'll write it
- Bias for testing - you run experiments, read the data, and act on it quickly
- Customer-obsessed without being soft - you understand what makes Protein Works' community tick and you use that commercially