Group Information Security Manager
Location: Blackfriars, London – hybrid
Salary: £60-65K plus excellent benefits package
Contract: 12-month FTC, with possibility of extension
About the Opportunity
Join a UK-based, purpose-led organisation working with public, private and third sector partners to design, test and scale practical innovations that improve outcomes for people and communities.
The organisation is merging two existing Information Security Management Systems into one coherent Group-wide framework. The security strategy is already in place, so this role is focused on execution, delivery, stakeholder management and clear communication.
It will suit a hands-on player-manager who can improve processes, embed controls and coordinate audit readiness across a complex, multi-entity environment.
Key Requirements
You will be an experienced Information Security Manager, ISMS Manager, Information Security Lead, Cyber Security Governance Manager or similar, with strong practical experience across:
• ISO 27001, ideally including ISO 27001:2022
• Cyber Essentials and Cyber Essentials Plus
• ISMS management, implementation and continuous improvement
• Internal and external audit preparation, evidence gathering and remediation
• Information security risk management, asset registers and risk logs
• Corrective action tracking, incident management and practical controls
• GDPR, Data Protection Act awareness and wider data protection implications
• Stakeholder management, communication and influencing without direct authority
• Working across multiple entities, departments or subsidiaries
• Supplier and third-party security assessments
• Desirable: NIST, CISM or similar security qualifications
Prior experience merging or aligning ISMS frameworks would be a significant advantage.
Role & Responsibilities
• Support the merger of two existing ISMS frameworks into one Group-wide model
• Reduce duplication, clarify ownership and improve visibility across entities
• Deliver against the existing Information Security roadmap
• Embed security controls into day-to-day business processes
• Support ISO 27001, Cyber Essentials and Cyber Essentials Plus audit activity
• Coordinate audit readiness, staff preparation, evidence collection and remediation
• Maintain security policies, standards, risk logs, asset registers and treatment plans
• Support Information Security Management Reviews and governance reporting
• Manage corrective actions and improve tracking of risks, incidents and actions
• Work closely with IT, Technical Architecture, Finance, Legal and business stakeholders
• Support supplier security reviews, incident response, BCP and disaster recovery activity
Why Join?
A visible and practical Group Information Security Manager role focused on delivery, not just policy ownership.
You will help merge and mature the organisation’s ISMS framework, improve audit readiness, strengthen controls and embed a clear, practical security culture across a collaborative, purpose-led organisation.