Information Security Manager

About the role

The Information Security Manager will lead the development and continuous improvement of the organisation’s information security management system. Reporting to senior leadership, the role ensures that security strategy, risk management, policies and compliance are aligned with regulatory requirements and business objectives while providing independent oversight of controls.

Key responsibilities

• Define, maintain and enhance the Information Security Management System (ISMS) in line with organisational goals and regulations.
• Develop and enforce security policies, standards and procedures covering identity, data protection, endpoint, email, cloud and SaaS usage.
• Own the risk management process: identify, assess, treat, accept and review security risks.
• Act as control owner for security governance while technical teams retain operational ownership.
• Lead internal and external audits (e.g., ISO 27001, data‑protection audits) and drive remediation to closure.
• Specify security control requirements such as Conditional Access, DLP, PKI, logging and monitoring.
• Approve risk exceptions, compensating controls and residual risk in accordance with governance processes.
• Establish and report security KPIs/KRIs to senior leadership.
• Oversee incident governance, defining classification, escalation and communication procedures.
• Coordinate security awareness and training programmes across the organisation.
• Ensure data‑protection and privacy requirements are embedded in processes, applications and third‑party contracts.

Required profile

• Bachelor’s degree in Information Security, Computer Science, Information Systems or a related field.
• Professional security certification (e.g., CISSP, CISM, ISO 27001 Lead Implementer) preferred.
• Proven experience in security governance, risk management and audit coordination.
• Strong understanding of regulatory requirements and industry best practices.

Required skills

• Identity security
• Endpoint security
• Email security
• Cloud security
• SaaS security
• Conditional Access
• Data Loss Prevention (DLP)
• Public Key Infrastructure (PKI)
• Logging
• Monitoring