Information Security Manager

£70,000- £75,000 PA

Central London

Well-established construction engineering business is seeking an experienced Information Security Manager to join them on a permanent basis. You'll be joining at a critical time where they are expanding their technical team with an ambitious growth plan with multiple acquisitions planned over the coming years.

The Information Security Manager will be a crucial component in ensuring the effective management of both the technical cyber security environment and wider information security management piece for the business. This role is responsible for ensuring robust cyber security controls with a strong emphasis on ISO 27001 readiness. You'll liaise with assessors and internal teams, drive ISO-related strategies and use prior experience to ensure certification plans stay on track. Working with external teams to align processes, you'll also oversee InfoSec/Cyber services, conduct risk assessments and recommend security improvements.

Responsibilities:

Ownership and maintenance of all security related policies and procedures, implementing Security by Design and driving a culture of cyber security awareness in the business

Liaise with external ISO27001 assessors and internal teams to ensure smooth assessments

Actively contribute to ISO processes, strategies and problem-solving

Use prior ISO experience to support certification readiness

Working closely with stakeholders across the business in relation to Information Security Strategy and the creation, delivery and maintenance of a robust Cyber Security roadmap

Handle varied and complex security challenges, from system reviews to high-level risk assessments

Work closely with third-party suppliers in relation to audits, forensic analysis and pen testing

Requirements:

Experience with ISO 27001 is essential

Strong background in cyber security management

Proven experience in identifying and mitigating security risks#

Ability to make actionable recommendations for security improvements

Experience with GDPR and data protection, together with knowledge of IS standards

Security assessment frameworks (threat modelling, controls assessment, risk assessment)

Relevant qualifications; CISSP, CISM or similar would be beneficial.

Based in Central London, 4 days per week onsite initially dropping to 3 once passed probation