Information Security Manager
South Wales
Yolk Recruitment is exclusively partnered with a growing technology business in the search for an Information Security Manager for a new role with real ownership, visibility and influence across the organisation.
This is an opportunity to take responsibility for information security governance in a regulated business where ISO 27001, data protection, supplier assurance, audit readiness and risk management all matter. You'll be the internal point of expertise for information security, owning the ISMS and helping shape how information security is understood, managed and improved as the business continues to grow.
The role sits between compliance, risk, governance and technical security. It is not a hands-on IT infrastructure role, and it is not a pure cyber operations position, but you will need enough technical understanding to work effectively with IT stakeholders, define what good controls look like and assess whether they are working properly.
As Information Security Manager, you'll work closely with senior leadership and teams across IT, Operations, Legal and wider business functions. You'll make sure policies, controls, audits, risk reviews, corrective actions and awareness activities are not just documented, but properly embedded across the business.
This is what you'll be doing as Information Security Manager
- Own, maintain and improve the ISMS in line with ISO 27001.
- Manage information security risk assessments, treatment plans and the risk register.
- Plan and deliver the internal audit programme for information security.
- Prepare the business for ISO 27001 surveillance and recertification audits.
- Manage corrective actions, non-conformities and audit evidence.
- Develop, review and maintain information security policies and procedures.
- Support GDPR, NIS2 and wider information governance requirements.
- Manage the information security incident process, including escalation, investigation and lessons learned.
- Assess third-party and supplier information security risk.
- Support information security awareness across the business.
- Report clearly to senior management on risk, audit performance, incidents, control effectiveness and compliance.
The experience you'll bring to the team
- Experience in compliance, information security, risk management or governance.
- Strong working knowledge of ISO 27001.
- Experience managing, implementing or auditing an ISMS.
- ISO 27001 Lead Implementer or Lead Auditor certification is desirable.
- CISM, CISSP, CRISC, an information security degree or equivalent professional background.
- Understanding of risk assessment methods such as ISO 27005, NIST or similar.
- Experience planning and conducting internal audits.
- Good understanding of GDPR, data protection principles and breach notification requirements.
- Confidence working with senior stakeholders, technical teams and external auditors.
- Strong written communication skills, with the ability to produce practical policies, procedures and reports.
- Experience in a regulated or audit-led environment would be helpful, but strong ISMS ownership is the key requirement.
What you'll get
- Competitive salary in line with experience.
- 25 days holiday plus bank holidays.
- Company bonus.
- Pension scheme with 5% company contribution.
- Annual salary review.
- Cycle to Work Scheme.
- Flexible start and finish options, including an early finish on Friday.
- A role with genuine ownership, visibility and influence across the business.
- The chance to shape a critical area of compliance in a growing, future-proof business.
Are you up to the challenge?
If you feel you have the skills, experience and passion to be successful in this Information Security Manager role, apply now!
*Please note, whilst we do our best to contact all candidates, due to the high number of applications we receive we cannot guarantee this for every role. If you have not heard anything from us within 7 days of applying, then unfortunately you have been unsuccessful. Please keep an eye on our website for more opportunities.