Information Security Manager

We’re Summize, an ambitious legal tech scale-up based in the US and UK, working with businesses all over the globe. Our mission is simple: to get entire businesses working faster and smarter with contracts. We’re a growing team making big things happen out of HQs in Manchester, UK; Boston, US; and San Diego, US, and we’re not stopping. Following our recent $50 Million Series B investment, we’re looking for forward-thinkers, innovators and problem solvers to join our dynamic team as we enter our next growth phase.

The Role

The Information Security Manager is responsible for protecting the organisation’s systems, data, and endpoints by implementing and maintaining effective security controls, ensuring compliance with industry standards, and supporting the ongoing maturity of the company’s security posture.

This role sits within the organisation’s internal IT function and also plays a key role in supporting customer trust through security assurance activities during the sales process.

Role Responsibilities

Compliance & Governance (ISO 27001, SOC 2)

  • Support the implementation and maintenance of ISO 27001 and SOC 2 controls
  • Manage audits, including evidence collection and documentation
  • Maintain security policies, procedures, and control frameworks
  • Track and support remediation of audit findings and control gaps

Security Operations & Monitoring

  • Monitor security alerts and respond to incidents across systems, endpoints, and SaaS tools
  • Investigate and triage potential security threats, vulnerabilities, and suspicious activity
  • Support incident response processes, including documentation, containment, and remediation
  • Maintain and improve security tooling (e.g. EDR, SIEM, email security)
  • Ensure consistent documentation of the company’s security posture and apply continuous improvement principles to it

Endpoint & Device Security

  • Work closely with the Global IT Manager and Engineer to ensure that the appropriate endpoint protection tools and strategies (e.g. antivirus, EDR, MDM) are in place, deployed and maintained
  • Work with the Global IT Manager to ensure enforcement of device compliance policies (patching, encryption, access controls)
  • Support secure onboarding and offboarding of employees from a device/security perspective

SaaS & Systems Security

  • Support secure configuration and management of SaaS platforms (e.g. identity providers, collaboration tools)
  • Manage access controls, permissions, and identity lifecycle (joiners/movers/leavers)
  • Conduct regular access reviews and ensure least-privilege principles are applied
  • Identify and remediate misconfigurations across systems

Risk & Vulnerability Management

  • Ensure that the appropriate penetration tests and vulnerability scans are in place and track remediation efforts
  • Support risk assessments across systems, vendors, and processes
  • Maintain risk registers and support prioritisation of security initiatives
  • Partner with engineering and IT to remediate identified risks

Pre-Sales & Customer Security Assurance

  • Support completion of customer security questionnaires, RFPs, and due diligence requests
  • Act as a subject matter expert on the company’s security posture during the sales process
  • Collaborate with Sales, Customer Success, and Legal teams to respond to security-related queries
  • Maintain and continuously improve a library of standard security responses and documentation
  • Provide supporting materials (e.g. policies, certifications, architecture overviews) to customers
  • Participate in customer calls where deeper security assurance or technical validation is required
  • Ensure consistency and accuracy of security messaging across all customer-facing materials

Security Awareness & Training

  • Support delivery of security awareness training programmes
  • Promote best practices for security across the organisation
  • Assist with phishing simulations and user education initiatives

What we’re looking for

  • Experience with endpoint security tools (EDR, MDM, antivirus)
  • Familiarity with SaaS environments and identity/access management (IAM)
  • Understanding of security frameworks such as ISO 27001 and SOC 2
  • Knowledge of vulnerability management and risk assessment practices
  • Ability to translate technical security controls into clear, customer-friendly language
  • Experience supporting RFPs, security questionnaires, or customer due diligence processes
  • Strong written communication skills for structured and accurate responses
  • Ability to engage confidently with customer stakeholders when required
  • Strong analytical and problem-solving skills
  • Attention to detail and ability to document processes clearly
  • Proactive and collaborative approach across technical and commercial teams

What we offer

  • 26 days holiday plus flexible bank holidays (increasing by one holiday for each year of service, up to a maximum of 30 days)
  • Healthcare cash plan with Simply Health
  • Access to several health care services, including free Virtual GP service, available 24 hours a day, 7 days a week
  • Cycle to Work and Tech Scheme
  • Access to discounts on things like travel, electronics, fashion, fitness and more
  • Rich learning and development opportunities supported through Udemy Business
  • City centre offices with fantastic perks, fully stocked fridge providing soft drinks and complimentary breakfast
  • Work from anywhere after one year of employment
  • Employee share option scheme
  • Regular social activities and events
  • Opportunity to be a part of one of Manchester’s hottest tech scale-ups

Job Details

Company: Summize
Location: Manchester Area, United Kingdom
Posted